Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
npp.8.6.7.Installer.x64.exe

Overview

General Information

Sample name:npp.8.6.7.Installer.x64.exe
Analysis ID:1531792
MD5:d401161afb56b8647202e031cec1ae78
SHA1:6eb7ed61ccdb0bd5018271a3ec24b63b913fc281
SHA256:81470eb5917705fa0df03181b8112422671842bdcec5252a7894975b38058c91
Infos:

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:20%

Compliance

Score:37
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Found API chain indicative of debugger detection
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Explorer Process Tree Break
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • npp.8.6.7.Installer.x64.exe (PID: 6288 cmdline: "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe" MD5: D401161AFB56B8647202E031CEC1AE78)
    • regsvr32.exe (PID: 6864 cmdline: regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 1508 cmdline: /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • explorer.exe (PID: 5576 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
    • notepad++.exe (PID: 4488 cmdline: "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log" MD5: 013DD1C256A30CC3926B828CCE0EBCC9)
  • explorer.exe (PID: 2212 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • notepad++.exe (PID: 6976 cmdline: "C:\Program Files\Notepad++\notepad++.exe" MD5: 013DD1C256A30CC3926B828CCE0EBCC9)
      • GUP.exe (PID: 1364 cmdline: "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64 MD5: 7744ED6FAC4775706938298F9CB5BA0D)
        • npp.8.7.Installer.x64.exe (PID: 6072 cmdline: "C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe" MD5: AA25B8D9BF2D7095F76D0BA6568785B1)
        • npp.8.7.Installer.x64.exe (PID: 4416 cmdline: "C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe" MD5: AA25B8D9BF2D7095F76D0BA6568785B1)
          • rundll32.exe (PID: 1404 cmdline: rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll MD5: 889B99C52A60DD49227C5E485A016679)
            • rundll32.exe (PID: 3468 cmdline: rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll MD5: EF3179D498793BF4234F708D3BE28633)
          • regsvr32.exe (PID: 1456 cmdline: regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
            • regsvr32.exe (PID: 3652 cmdline: /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • explorer.exe (PID: 6856 cmdline: "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
          • notepad++.exe (PID: 5688 cmdline: "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log" MD5: 47F3922D5A017C971D39814E512EB57A)
      • WerFault.exe (PID: 6312 cmdline: C:\Windows\system32\WerFault.exe -u -p 6976 -s 1252 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • explorer.exe (PID: 4308 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: 662F4F92FDE3557E86D110526BB578D5)
    • notepad++.exe (PID: 2228 cmdline: "C:\Program Files\Notepad++\notepad++.exe" MD5: 47F3922D5A017C971D39814E512EB57A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Unpacked PEs

SourceRuleDescriptionAuthorStrings
17.2.npp.8.7.Installer.x64.exe.28ea1cb.1.raw.unpackMALWARE_Win_EXEPWSH_DLAgentDetects SystemBCditekSHen
  • 0x1f592a:$pwsh: powershell
  • 0x1f5946:$pwsh: powershell
  • 0x1f81be:$pwsh: powershell
  • 0x236acc:$pwsh: powershell
  • 0x24416c:$pwsh: powershell
  • 0x4c39e4:$pwsh: powershell
  • 0x56e129:$pwsh: powershell
  • 0x5839e7:$pwsh: powershell
  • 0x59ec0a:$pwsh: powershell
  • 0x682779:$pwsh: powershell
  • 0x6b6559:$pwsh: powershell
  • 0x6dc253:$pwsh: powershell
  • 0x6fefab:$pwsh: powershell
  • 0x721a4e:$pwsh: powershell
  • 0x7443a1:$pwsh: powershell
  • 0x766c69:$pwsh: powershell
  • 0x1ffdd7:$bitstansfer: Start-BitsTransfer
  • 0x418f7a:$s2: User-Agent:
  • 0x43d8ad:$s2: User-Agent:
  • 0x51505:$v6: start
  • 0x555e6:$v6: start
17.2.npp.8.7.Installer.x64.exe.288d26f.3.raw.unpackMALWARE_Win_EXEPWSH_DLAgentDetects SystemBCditekSHen
  • 0x252886:$pwsh: powershell
  • 0x2528a2:$pwsh: powershell
  • 0x25511a:$pwsh: powershell
  • 0x293a28:$pwsh: powershell
  • 0x2a10c8:$pwsh: powershell
  • 0x520940:$pwsh: powershell
  • 0x5cb085:$pwsh: powershell
  • 0x5e0943:$pwsh: powershell
  • 0x5fbb66:$pwsh: powershell
  • 0x6df6d5:$pwsh: powershell
  • 0x7134b5:$pwsh: powershell
  • 0x7391af:$pwsh: powershell
  • 0x75bf07:$pwsh: powershell
  • 0x77e9aa:$pwsh: powershell
  • 0x7a12fd:$pwsh: powershell
  • 0x7c3bc5:$pwsh: powershell
  • 0x25cd33:$bitstansfer: Start-BitsTransfer
  • 0x475ed6:$s2: User-Agent:
  • 0x49a809:$s2: User-Agent:
  • 0xae461:$v6: start
  • 0xb2542:$v6: start

Sigma Signatures

System Summary

barindex
Sigma detected: Explorer Process Tree Break
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems), @gott_cyber: Data: Command: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 752, ProcessCommandLine: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding, ProcessId: 2212, ProcessName: explorer.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E9AD0 BCryptGenRandom,10_2_00007FFE004E9AD0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E9CA0 BCryptGenRandom,10_2_00007FFE004E9CA0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00507D76 CertOpenStore,GetLastError,CryptStringToBinaryA,CertFindCertificateInStore,CertFreeCertificateContext,CertCloseStore,_fread_nolock,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,CertFreeCertificateContext,10_2_00007FFE00507D76
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0050A140 CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,CertFreeCertificateContext,10_2_00007FFE0050A140
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004DC2E0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,10_2_00007FFE004DC2E0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004DC410 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,10_2_00007FFE004DC410
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004DC490 CryptHashData,10_2_00007FFE004DC490
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004DC4A0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,10_2_00007FFE004DC4A0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0050A560 CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,10_2_00007FFE0050A560
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0050AA80 CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,10_2_00007FFE0050AA80
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004EECD0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,10_2_00007FFE004EECD0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004EED50 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,10_2_00007FFE004EED50
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004EEDE0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,10_2_00007FFE004EEDE0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004BF3B0 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,10_2_00007FFE004BF3B0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00507B10 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,10_2_00007FFE00507B10
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_f17e4f4d-7
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: mov dword ptr [rbp+04h], 424D53FFh10_2_00007FFE004F0430
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeEXE: regsvr32.exeJump to behavior

Compliance

barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeEXE: regsvr32.exeJump to behavior
Uses 32bit PE files
Source: npp.8.6.7.Installer.x64.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Found installer window with terms and condition text
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeWindow detected: < &BackI &AgreeCancelThe best things in life are free. Notepad++ is free so Notepad++ is the best The best things in life are free. Notepad++ is free so Notepad++ is the bestLicense AgreementPlease review the license terms before installing Notepad++ v8.6.7.Press Page Down to see the rest of the agreement.COPYING -- Describes the terms under which Notepad++ is distributed.A copy of the GNU GPL is appended to this file.IMPORTANT NOTEPAD++ LICENSE TERMSCopyright (C)2021 Don HO <don.h@free.fr>. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 3 with the clarifications and exceptions described below. This guarantees your right to use modify and redistribute this software under certain conditions.This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.******************************************************************GNU GENERAL PUBLIC LICENSEVersion 3 29 June 2007Copyright (C) 2007 Free Software Foundation Inc. <https://fsf.org/>Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed.PreambleThe GNU General Public License is a free copyleft license for software and other kinds of works.The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We the Free Software Foundation use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs too.When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things.To protect your rights we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore you have certain responsibilities if you distribute copies of the software or if you modify it: responsibilities to respect the freedom of others.For example if you distribute copies of such a program whether gratis or for a fee you must pass on to the recipients the same freedoms that you received. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights.Developers that use the GNU GPL protect your rights with two steps: (1) as
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeWindow detected: < &BackI &AgreeCancelThe best things in life are free. Notepad++ is free so Notepad++ is the best The best things in life are free. Notepad++ is free so Notepad++ is the bestLicense AgreementPlease review the license terms before installing Notepad++ v8.7.Press Page Down to see the rest of the agreement.COPYING -- Describes the terms under which Notepad++ is distributed.A copy of the GNU GPL is appended to this file.IMPORTANT NOTEPAD++ LICENSE TERMSCopyright (C)2021 Don HO <don.h@free.fr>. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 3 with the clarifications and exceptions described below. This guarantees your right to use modify and redistribute this software under certain conditions.This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.******************************************************************GNU GENERAL PUBLIC LICENSEVersion 3 29 June 2007Copyright (C) 2007 Free Software Foundation Inc. <https://fsf.org/>Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed.PreambleThe GNU General Public License is a free copyleft license for software and other kinds of works.The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We the Free Software Foundation use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs too.When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things.To protect your rights we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore you have certain responsibilities if you distribute copies of the software or if you modify it: responsibilities to respect the freedom of others.For example if you distribute copies of such a program whether gratis or for a fee you must pass on to the recipients the same freedoms that you received. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights.Developers that use the GNU GPL protect your rights with two steps: (1) asse
Creates a directory in C:\Program Files
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++Jump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletionJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\c.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cpp.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\java.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cs.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\html.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\rc.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\sql.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\php.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\css.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\vb.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\perl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\javascript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\python.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\actionscript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\lisp.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\vhdl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\tex.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\xml.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\nsis.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cmake.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\batch.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\coffee.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\BaanC.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\lua.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\autoit.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cobol.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\typescript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\powershell.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\gdscript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\go.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\raku.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionListJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\c.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cpp.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\java.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cs.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\asm.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\bash.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\sql.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\php.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cobol-free.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cobol.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\perl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\javascript.js.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\python.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\lua.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\ini.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\inno.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\vhdl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\krl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\nsis.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\powershell.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\batch.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\ruby.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\baanc.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\sinumerik.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\autoit.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\universe_basic.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\xml.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\ada.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\fortran.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\fortran77.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\haskell.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\rust.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\typescript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\pascal.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\gdscript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\raku.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\hollywood.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\nppexec.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\overrideMap.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\pluginsJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppExportJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppExport\NppExport.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\mimeToolsJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppConverterJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updaterJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\GUP.exeJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\libcurl.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\gup.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\LICENSEJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\README.mdJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\updater.icoJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\ConfigJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\langs.model.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\stylers.model.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\shortcuts.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\nppLogNulContentCorruptionIssue.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\LICENSEJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\change.logJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\readme.txtJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\notepad++.exeJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\localizationJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\localization\english.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\disabledJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themesJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\DarkModeDefault.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Black board.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Choco.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Hello Kitty.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Mono Industrial.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Monokai.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Obsidian.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Plastic Code Wrap.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Ruby Blue.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Twilight.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Vibrant Ink.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Deep Black.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\vim Dark Blue.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Bespin.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Zenburn.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Solarized.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Solarized-light.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\HotFudgeSundae.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\khaki.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\MossyLawn.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Navajo.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\DansLeRuSH-Dark.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenuJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu\NppShell.msixJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu\NppShell.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\uninstall.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\toml.xml
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\tex.xml
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\latex.xml
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu\NppShell.dll
Creates a software uninstall entry
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++Jump to behavior
Creates license or readme file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\readme.txtJump to behavior
PE / OLE file has a valid certificate
Source: npp.8.6.7.Installer.x64.exeStatic PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 84.32.84.219:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49748 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: npp.8.6.7.Installer.x64.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\sources\nppShell\x64\Release\NppShell.x64.pdb3 source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sources\nppShell\x64\Release\NppShell.x64.pdb source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sources\nppPluginList\bin64\nppPluginList.pdb source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00402910 FindFirstFileW,0_2_00402910
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_004069DF FindFirstFileW,FindClose,0_2_004069DF
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D8E
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052DE00 FindFirstFileExW,10_2_00007FFE0052DE00
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00402910 FindFirstFileW,14_2_00402910
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_004069DF FindFirstFileW,FindClose,14_2_004069DF
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,14_2_00405D8E
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00402910 FindFirstFileW,17_2_00402910
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_004069DF FindFirstFileW,FindClose,17_2_004069DF
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,17_2_00405D8E
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB455D4 FindFirstFileExW,28_2_00007FFE0EB455D4
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150D270 FindFirstFileExW,28_2_00007FFE1150D270
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A51D184 FindFirstFileExW,28_2_00007FFE1A51D184
Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F25E0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,10_2_00007FFE004F25E0
Source: global trafficHTTP traffic detected: GET /update/getDownloadUrl.php?version=8.67&param=x64 HTTP/1.1Host: notepad-plus-plus.orgUser-Agent: Notepad++/8.67 (WinGup/5.28)Accept: */*
Source: global trafficHTTP traffic detected: GET /notepad-plus-plus/notepad-plus-plus/releases/download/v8.7/npp.8.7.Installer.x64.exe HTTP/1.1Host: github.comUser-Agent: Notepad++/8.67 (WinGup/5.28)Accept: */*
Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/33014811/abe46154-dbaa-4461-8680-a6be44a2f318?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241011%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241011T183437Z&X-Amz-Expires=300&X-Amz-Signature=704e82536a38d3f76c1102d79c63a642f129936dda0fb3e51643ea485003fc9c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dnpp.8.7.Installer.x64.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comUser-Agent: Notepad++/8.67 (WinGup/5.28)Accept: */*
Source: notepad++.exe, 0000001C.00000000.2476917701.00007FF6E5C4B000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000001C.00000002.2971138093.00007FF6E5C4B000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: ----------------------------------------------------------/select,explorerSelect a folder to add in Folder as Workspace panelSelectFolderFromBrowserStringhttp://FilePathNotFoundWarningThe file you're trying to open doesn't exist.File Openhttps://search.yahoo.com/search?q=$(CURRENT_WORD)https://duckduckgo.com/?q=$(CURRENT_WORD)https://www.google.com/search?q=$(CURRENT_WORD)https://Sorting ErrorRich Text FormatHTML Formathttps://stackoverflow.com/search?q=$(CURRENT_WORD)Find: Found the 1st occurrence from the bottom. The beginning of the document has been reached.Find: Found the 1st occurrence from the top. The end of the document has been reached.SortingErrorUnable to perform numeric sorting due to line $INT_REPLACE$.firefox.exeColumnModeTipThere are 3 ways to switch to column-select mode: equals www.yahoo.com (Yahoo)
Source: notepad++.exe, 00000009.00000000.2016361940.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 00000009.00000002.2319288862.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000000.2022748994.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: ----------------------------------------------------------An attempt was made to execute the below command.explorerSelect a folder to add in Folder as Workspace panelSelectFolderFromBrowserStringShellExecute - ERRORFilePathNotFoundWarningThe file you're trying to open doesn't exist.File Open/select,https://duckduckgo.com/?q=$(CURRENT_WORD)https://www.google.com/search?q=$(CURRENT_WORD)https://http://Rich Text FormatHTML Formathttps://stackoverflow.com/search?q=$(CURRENT_WORD)https://search.yahoo.com/search?q=$(CURRENT_WORD)Column Mode TipSortingErrorUnable to perform numeric sorting due to line $INT_REPLACE$.Sorting Errorchrome.exefirefox.exeColumnModeTipThere are 3 ways to switch to column-select mode: equals www.yahoo.com (Yahoo)
Source: global trafficDNS traffic detected: DNS query: notepad-plus-plus.org
Source: global trafficDNS traffic detected: DNS query: github.com
Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://alternateidea.com/blog/articles/2006/01/03/textmate-vibrant-ink-theme-and-prototype-bundle)
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://architectshack.com/PoorMansTSqlFormatter.ashx
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/Digi
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2174166347.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2173640520.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315544527.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314805121.000001ACC3722000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2130187479.0000024DE5E02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://creativecommons.org/licenses/by/3.0/
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCert
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredID
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2174166347.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2173640520.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315544527.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertT
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314805121.000001ACC3722000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128274148.0000024DE5DF4000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2130187479.0000024DE5E02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314805121.000001ACC3722000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128274148.0000024DE5DF4000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dejavu.sourceforge.net/wiki/index.php/Main_Page
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ethanschoonover.com/solarized
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://framework.lojcomm.com.br/tmTheme2nppStyler/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fsf.org/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kippura.org/zenburnpage/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://media.nodnod.net/Inconsolata-dz.otf.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://notepad-plus.sourceforge.net/commun/update/getDownLoadUrl.php
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000000.1708138105.000000000040A000.00000008.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 0000000E.00000002.2168985434.000000000040A000.00000008.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000000.2174233824.000000000040A000.00000008.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314805121.000001ACC3722000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2130187479.0000024DE5E02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2174166347.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2173640520.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315544527.000001ACC39C9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/donate/index.php?group_id=95717
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/p/notepad-plus/patches/613/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19246077/how-to-add-lua-functions-to-the-notepad-functionlist-xml
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/32126855/notepad-and-ada
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2168262353.000001ACC3AC0000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316116082.000001ACC3ACB000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2962898421.0000027384000000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tortoisesvn.tigris.org/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiseheartdesign.com/articles/2006/03/11/ruby-blue-textmate-theme)
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.3276.hu
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ada-auth.org/standards/overview22.html
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314805121.000001ACC3722000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geoffray.be
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2176204340.0000024DE5DA6000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vim.org/scripts/script.php?script_id=190
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vim.org/scripts/script.php?script_id=1987
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zend.lojcomm.com.br/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ashkulz.github.io/NppFTP/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rdipardo/dbgp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rdipardo/dbgp/downloads/dbgpPlugin_v0.14.2.1_x64.zip
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rdipardo/dbgpCZ.
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rdipardo/htmltag/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rdipardo/htmltag/downloads/HTMLTag_v1.4.4_x64.zip
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rdipardo/htmltag/sZ
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/uph0/filefinder
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/uph0/filefinder/downloads/FileFinder.v0.3.0.x64.bin.zip
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/uph0/filefinderoZ
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/uph0/sourcecookifier/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/uph0/sourcecookifier/downloads/SourceCookifier.v0.10.0.x64.bin.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.notepad-plus-plus.org/topic/11554/function-list-for-vhdl
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by-nc-sa/3.0/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/V
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, GUP.exe, 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/copyright.htmlD
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, GUP.exe, 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, GUP.exe, 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dansleru.sh
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://editorconfig.org/.
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fossil.2of4.net/npp_preview
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fossil.2of4.net/npp_preview/zip/PreviewHTML64.zip%3Fname%3D%26uuid%3Dv1.3.2.0-64
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fossil.2of4.net/npp_preview;
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fsf.org/
Source: notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.c
Source: notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.c/CSVLint/tyle
Source: notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.cRosi/CADdyTools30c9101l
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/CSVLint/
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/CSVLint/64.zip.zip9
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/CSVLint/releases/download/0.4.6.6/CSVLint_x64.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/CSVLint/tyle
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/RandomValuesNPP/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/RandomValuesNPP/_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/RandomValuesNPP/releases/download/0.3/RandomValuesNppPlugin_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BdR76/RandomValuesNPP/releases/download/0.3/RandomValuesNppPlugin_x64.zipP
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Chocobo1/nppAutoDetectIndent
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384634000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Chocobo1/nppAutoDetectIndent/releases/download/2.3/x64.zip
Source: notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Chocobo1/nppAutoDetectIndent/releases/download/2.3/x64.zipp.ini
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Chocobo1/nppAutoDetectIndentp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Coises/ColumnsPlusPlus
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Coises/ColumnsPlusPlus/releases/download/v1.0.6/ColumnsPlusPlus-1.0.6-x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Coises/ColumnsPlusPlus/releases/download/v1.0.6/ColumnsPlusPlus-1.0.6-x64.zip$
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Coises/ColumnsPlusPlusg
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/DominicTobias/SecurePad
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/DominicTobias/SecurePad/releases/download/v2.4/SecurePad_v2.4_x64.zip
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/DominicTobias/SecurePadip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Dook1/Bookmarks-Dook
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Dook1/Bookmarks-Dook/releases/download/v4.0.4/BookmarksDook.64.4.0.4.zip
Source: notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Dook1/Bookmarks-Dook/releases/download/v4.0.4/BookmarksDook.64.4.0.4.zip0
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Dook1/Bookmarks-Dook/releases/download/v4.0.4/BookmarksDook.64.4.0.4.zipM
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Dook1/Bookmarks-Dook1ZX
Source: notepad++.exe, 00000009.00000003.2169592451.000001ACC3811000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315303218.000001ACC3832000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2171729069.000001ACC382E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2170965269.000001ACC3815000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2029905481.0000021B95B71000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2042725815.0000021B95A31000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2038254217.0000021B95BF6000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2032828236.0000021B95BCE000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043402615.0000021B95A36000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043540267.0000021B95A4E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2045891135.0000021B95A53000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2033342504.0000021B95BD9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2031777396.0000021B95B7D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2042149234.0000021B95BFF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043229028.0000021B95BFF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2033691922.0000021B95BE9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000002.2049815080.0000021B95A53000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2039572823.0000021B95BF9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2496335382.0000025E0F247000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Edditoria/markdown-plus-plus
Source: notepad++.exe, 00000009.00000003.2169592451.000001ACC3811000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315303218.000001ACC3832000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2171729069.000001ACC382E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2170965269.000001ACC3815000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2029905481.0000021B95B71000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2038254217.0000021B95BF6000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2032828236.0000021B95BCE000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2033342504.0000021B95BD9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2031777396.0000021B95B7D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2042149234.0000021B95BFF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043229028.0000021B95BFF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2033691922.0000021B95BE9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2039572823.0000021B95BF9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Edditoria/markdown-plus-plus/blob/master/LICENSE.txt
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ekopalypse/EnhanceAnyLexer
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ekopalypse/EnhanceAnyLexer/releases/download/v.1.4.0/EnhanceAnyLexer_x64_PluginAd
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ekopalypse/EnhanceAnyLexerL
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Fruchtzwerg94/PlantUmlViewer
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Fruchtzwerg94/PlantUmlViewer/releases/download/1.7.0.11/PlantUmlViewer_v1.7.0.11_
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Hsilgos/nppsaveasadmin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Hsilgos/nppsaveasadmin/releases/download/1.0.211/NppSaveAsAdmin_1.0.211_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Jiangshan00001/npp_MZC8051
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Jiangshan00001/npp_MZC8051/releases/download/0.0.1/MZC8051_x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Jiangshan00001/npp_MZC8051/releases/download/0.0.1/MZC8051_x64.zipY/v
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Jiangshan00001/npp_MZC8051/releases/download/0.0.1/MZC8051_x64.zip_
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Krazal/nppopenai
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Krazal/nppopenai/releases/download/v0.3.0.1/NppOpenAI_x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Krazal/nppopenai/releases/download/v0.3.0.1/NppOpenAI_x64.zipm/B
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Krazal/nppopenai45
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Krazal/nppopenaig
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KubaDee/NppTextViz
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KubaDee/NppTextViz/releases/download/v0.4.2/NppTextViz_x64_v0.4.2.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KubaDee/SelectToClipboard
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KubaDee/SelectToClipboard/releases/download/v1.0.3/SelectToClipboard_x64_v1.0.3.z
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KvanTTT/NppGist
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KvanTTT/NppGist/releases/download/1.5.1/NppGist-x64-1.5.1.35.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Leonard-The-Wise/NWScript-Npp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Leonard-The-Wise/NWScript-Npp/releases/download/v1.2.0/nwscript-npp.v1.2.0-x64.zi
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316610460.000001ACC3B5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MIvanchev/NppEventExec
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MIvanchev/NppEventExec/releases/download/v0.9.0/NppEventExec-plugin-x64-0.9.0.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MarioRosi/CADdyTools
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MarioRosi/CADdyTools/releases/download/1.1.3.7/CADdyTools_v1137_x64.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MarioRosi/CADdyTools30c9101l
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Megabyteceer/npp-task-list
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Megabyteceer/npp-task-list/releases/download/v2.6.0/NppTaskList_v2.6.0_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pascal-Krenckel/NppGZipFileViewer
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pascal-Krenckel/NppGZipFileViewer/releases/download/v3.0.1/NppGZipFileViewerX64.t
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Predelnik/DSpellCheck
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Predelnik/DSpellCheck/releases/download/v1.5.0/DSpellCheck_x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Predelnik/DSpellCheck/releases/download/v1.5.0/DSpellCheck_x64.zip=/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316577282.000001ACC3B58000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ScienceDiscoverer/CommentToggler
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ScienceDiscoverer/CommentToggler/releases/download/1.0.0/CommentToggler.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SinghRajenM/nppURLPlugin
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SinghRajenM/nppURLPlugin/releases/download/1.2.0.0/urlPlugin_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SinghRajenM/nppURLPlugin/releases/download/1.2.0.0/urlPlugin_x64.zipW
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/StanDog/npp-zoomdisabler
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/StanDog/npp-zoomdisabler/raw/master/RELEASES/zoomdisabler_1.2.0.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/TaoK/PoorMansTSqlFormatter/releases/download/1.6.13/SqlFormatterNppPlugin.x64.1.6
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Zukaritasu/notepadpp_rpc
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Zukaritasu/notepadpp_rpc/releases/download/v1.8.6/DiscordRPC_v1.8.6_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ahmoylaw/RegexTrainer-Descriptions
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ahmoylaw/RegexTrainer-Descriptions/raw/master/Release-x64-1.2.0/RegexTrainer.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ashkulz/NppFTP/releases/download/v0.29.13/NppFTP-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/azerg/NppBplistPlugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/azerg/NppBplistPlugin/releases/download/2.0.0.3/NppBplistPlugin_x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/azerg/NppBplistPlugin/releases/download/2.0.0.3/NppBplistPlugin_x64.zipd
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/azerg/NppBplistPluginory.v
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/blu3mania/npp-papyrus
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/blu3mania/npp-papyrus.2.2-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/blu3mania/npp-papyrus/releases/download/v1.2.2/PapyrusPlugin-v1.2.2-x64.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/blu3mania/npp-papyrus85I
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/bruderstein/PythonScript
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/bruderstein/PythonScript/releases/download/v2.0.0/PythonScript_Full_2.0.0.0_x64_P
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/ImgTag/releases/download/2.0.1.8/ImgTag_2.0.1.8_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2313894105.000001ACC1819000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/JumpList/releases/download/1.2.2.10/NppJumpList_1.2.2.10_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/JumpList/releases/download/1.2.2.10/NppJumpList_1.2.2.10_x64.zipO
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_ExportPlugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_ExportPlugin/releases/download/0.4.0/NppExport_0.4.0_x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_ExportPlugin/releases/download/0.4.0/NppExport_0.4.0_x64.zips
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_HexEdit
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_HexEdit/releases/download/0.9.12/HexEditor_0.9.12_x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_HexEdit/releases/download/0.9.12/HexEditor_0.9.12_x64.zip2
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NPP_HexEditase.uZ
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NppDocShare/releases/download/0.1.13/NppDocShare_0.1.13_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/NppDocShare/releases/download/0.1.13/NppDocShare_0.1.13_x64.zipF
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/SpeechPlugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/SpeechPlugin/releases/download/v0.4.0/SpeechPlugin_v0.4.0_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/npp-session-manager/releases/download/v1.4.4/SessionMgr_v1.4.4_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/npp-session-manager/releases/download/v1.4.4/SessionMgr_v1.4.4_x64.zipN
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/npp.connections/releases/download/1.1/npp.connections-1.1-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/rustnpp/releases/download/1.0.2/rustnpp_1.0.2_x86_64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chcg/rustnpp/releases/download/1.0.2/rustnpp_1.0.2_x86_64.zip%
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846A2000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cmbsolutions/nppRandomStringGenerator
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028489315.000001ACC3BCD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316978854.000001ACC3BD0000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169091363.000001ACC3BD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cmbsolutions/nppRandomStringGenerator/releases/download/v1.9.1/nppRandomStringGen
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cpmcgrath/codealignment
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cpmcgrath/codealignment/releases/download/v14.1/CodeAlignmentNpp_v14.1_x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cpmcgrath/codealignment/releases/download/v14.1/CodeAlignmentNpp_v14.1_x64.zip.mo
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cpmcgrath/codealignmentG
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d0vgan/npp-XBracketsLite
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d0vgan/npp-XBracketsLite/releases/download/v131/XBrackets_v131_dll_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d0vgan/nppexec
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/d0vgan/nppexec/releases/download/v088/NppExec_088_dll_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/daddel80/notepadpp-multireplace
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/daddel80/notepadpp-multireplace/releases/download/3.0.0.12/MultiReplace-v3.0.0.12
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/BetterMultiSelection
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/BetterMultiSelection/releases/download/v1.5/BetterMultiSelection_v1.5_x6
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/DoxyIt
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/DoxyIt/releases/download/v0.4.4/DoxyIt_v0.4.4_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/DoxyIt/releases/download/v0.4.4/DoxyIt_v0.4.4_x64.zipA
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/DoxyIt/releases/download/v0.4.4/DoxyIt_v0.4.4_x64.zipD
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/DoxyItaZ
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/DoxyItified1
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/LuaScript
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/LuaScript/releases/download/v0.12/LuaScript_v0.12_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/SurroundSelection
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/SurroundSelection/releases/download/v1.4.1/SurroundSelection_v1.4.1_x64.
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dail8859/SurroundSelectiona
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/davidsover/nppJSFunctionViewer
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/davidsover/nppJSFunctionViewer/releases/download/v1.1.0/JSFunctionViewer_x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/davidsover/nppJSFunctionViewer/releases/download/v1.1.0/JSFunctionViewer_x64.zipE
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/davidsover/nppJSFunctionViewerd
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/deadem/notepad-pp-linter
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.000002738467B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/deadem/notepad-pp-linter/raw/v0.1.0.0/bin/x64/linter.zip
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/deadem/notepad-pp-linter4
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dinkumoil/NppUISpy
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dinkumoil/NppUISpy/releases/download/v1.2/NppUISpy_v1.2_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominikcebula/npp-java-plugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominikcebula/npp-java-plugin/releases/download/v0.4.0/NppJavaPlugin_v0.4.0_x64.z
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominikcebula/npp-java-pluginAP
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/editorconfig/editorconfig-notepad-plus-plus
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/editorconfig/editorconfig-notepad-plus-plus/releases/download/v0.4.0/NppEditorCon
Source: notepad++.exe, 00000009.00000002.2314048585.000001ACC185A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2177438511.000001ACC184E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/editorconfig/editorconfig-notepad-plus-plus4
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/eljefe7000/RestApiToText
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/eljefe7000/RestApiToText/raw/master/x64/Release/v1.4.0.1/RestApiToText.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/eljefe7000/RestApiToTextL5E
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/indentbyfold/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/indentbyfold/releases/download/v0.7.3/IndentByFold-073-x64.zip
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/indentbyfold/zipyZ
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/nppsnippets/releases/download/v1.7.1/NppSnippets-171-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028411660.000001ACC3BD4000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/npptags/releases/download/v0.9.1/NppTags-091-x64.zip
Source: notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/npptags/releases/download/v0.9.1/NppTags-091-x64.zipenN
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/selectquotedtext/releases/download/v1.1.0/SelectQuotedText-110-x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ffes/selectquotedtext/releases/download/v1.1.0/SelectQuotedText-110-x64.zipB
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/AutoSave/AutoSave_dll_2v00_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/LanguageHelp/LanguageHelp_dll_1v75_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/MenuIcons/MenuIcons_dll_2v07_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/MenuIcons/MenuIcons_dll_2v07_x64.zipY
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/OpenSelection/OpenSelection_dll_1v13_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/RunMe/RunMe_dll_1v61_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/TakeNotes/TakeNotes_dll_1v27_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/TakeNotes/TakeNotes_dll_1v27_x64.zip9
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/TakeNotes/TakeNotes_dll_1v27_x64.zipV
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins/raw/main/TopMost/TopMost_dll_1v42_x64.zip
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPlugins=
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPluginsH5Y
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/francostellari/NppPluginsf
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gallettube/MusicPlayer/releases/download/1.0.11/MusicPlayer_1.0.11x64.dll.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gup4win/wingup).
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gup4win/wingup/blob/master/vcproj/GUP.sln)
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gurikbal/Merge-files-in-one
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gurikbal/Merge-files-in-one#
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gurikbal/Merge-files-in-one/releases/download/1.2.0.0/Merge.files.in.one_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gurikbal/Remove_dup_lines
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gurikbal/Remove_dup_lines/releases/download/1.3.0.2/Remove_dup_lines_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gurikbal/Remove_dup_lines/releases/download/1.3.0.2/Remove_dup_lines_x64.zip0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/heldersepu/nppfavorites
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/heldersepu/nppfavorites/releases/download/1.0.0.1.21/NppFavorites_1.0.0.1.21_x64.
Source: notepad++.exe, 00000009.00000002.2316610460.000001ACC3B5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/heldersepu/nppfavoritesq
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/incrediblejr/nppplugins/releases/download/v3.0.1/nppplugin_ofis2_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/incrediblejr/nppplugins/releases/download/v3.0.1/nppplugin_solutionhub_ui_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/incrediblejr/nppplugins/releases/download/v3.0.1/nppplugin_solutionhub_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/incrediblejr/nppplugins/releases/download/v3.0.1/nppplugin_solutiontools_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/incrediblejr/nppplugins/releases/download/v3.0.1/nppplugin_svn_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/incrediblejr/nppplugins/releases/download/v3.0.1/nppplugin_svn_x64.zipk
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jcaillon/3P/releases/download/v1.8.8/3P_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jeanpaulrichter/nppcrypt
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jeanpaulrichter/nppcrypt/releases/download/1.0.1.6/nppcrypt_1.0.1.6_x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jeanpaulrichter/nppcrypt/releases/download/1.0.1.6/nppcrypt_1.0.1.6_x64.zipj
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jeanpaulrichter/nppcryptD5M
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jejemorg/NppPluginOpenHost/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jejemorg/NppPluginOpenHost/i
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jejemorg/NppPluginOpenHost/releases/download/1.1/NppPluginOpenHost.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/joaoasrosa/nppxmltreeview/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/joaoasrosa/nppxmltreeview/releases/download/v2.0.0/NppXMLTreeViewPlugin_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jokedst/CsvQuery
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jokedst/CsvQuery/releases/download/v1.2.9/CsvQuery-v1.2.9-x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jokedst/CsvQuery/releases/download/v1.2.9/CsvQuery-v1.2.9-x64.zip%/
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jokedst/CsvQuerye
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kapilratnani/JSON-Viewer
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kapilratnani/JSON-Viewer/releases/download/v2.0.7.0/NPPJSONViewer_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kapilratnani/JSON-Viewer/releases/download/v2.0.7.0/NPPJSONViewer_x64.zipo
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kapilratnani/JSON-Viewer/releases/download/v2.0.7.0/NPPJSONViewer_x64.zipx
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/leonardchai/FoldingLineHider
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/leonardchai/FoldingLineHider/releases/download/v1.1/FoldingLineHider1.1.x64.zip
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/leonardchai/FoldingLineHiderJ
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/lygstate/NotepadStarter/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/lygstate/NotepadStarter/releases/download/2.3.3.0/NotepadStarter_2.3.3.0_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mariusv-github/ElasticTabstops
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mariusv-github/ElasticTabstops/releases/download/v1.5.0/ElasticTabstops_x64_1.5.0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/megaboich/js-map-parser/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/megaboich/js-map-parser/releases/download/4.2/JsMapParser_NppPlugin_4_2_x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/megaboich/js-map-parser/releases/download/4.2/JsMapParser_NppPlugin_4_2_x64.zipyp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/michaelxzhang/Npp-Highlighter
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/michaelxzhang/Npp-Highlighter/releases/download/v1.0.0.1/Npp-Highlighter_x64.zip
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/michaelxzhang/Npp-Highlighterip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mohzy83/NppMarkdownPanel
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mohzy83/NppMarkdownPanel/releases/download/0.7.3.1/NppMarkdownPanel-0.7.3.0-x64.z
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkiko
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkiko/HugeFiles/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkiko/HugeFiles/releases/download/v0.4.1/Release_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkiko/JsonToolsNppPlugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkiko/JsonToolsNppPlugin/releases/download/v7.2.0/Release_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkiko/JsonToolsNppPlugin/releases/download/v7.2.0/Release_x64.zipK
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkikoSymbqqs
Source: notepad++.exe, 00000009.00000002.2316646936.000001ACC3B66000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/molsonkikoce581fa63b02
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/morbac/xmltools
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/morbac/xmltools/releases/download/3.1.1.13/XMLTools-3.1.1.13-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nea/MarkdownViewerPlusPlus/releases/download/0.8.2/MarkdownViewerPlusPlus-0.8.2-x
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/niccord/BracketsCheck/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/niccord/BracketsCheck/releases/download/v1.2.3/BracketsCheck_1-2-3_x64.zip
Source: notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/niccord/BracketsCheck/releases/download/v1.2.3/BracketsCheck_1-2-3_x64.zipG
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nika-begiashvili/rustnpp
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044763097.0000021B95A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044730349.0000021B95D21000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2042725815.0000021B95A31000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2029222671.0000021B95A98000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2041184747.0000021B95D21000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2041437831.0000021B95D21000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043402615.0000021B95A36000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000002.2050255961.0000021B95D24000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044030812.0000021B95A46000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043447852.0000021B95D21000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2041540864.0000021B95D21000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2505551659.0000025E0EEFD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2497257481.0000025E0F2C6000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2502280835.0000025E0F4DD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2503891095.0000025E0F2C8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2507447996.0000025E0EF2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/4563
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/notepad-plus-plus/wingup/blob/master/src/translations/corsican.xml
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/converter/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/converter/64.zipE.1
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/converter/releases/download/v4.6/nppConvert.v4.6.x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/converter/releases/download/v4.6/nppConvert.v4.6.x64.zipm
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/mimetools
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/mimetools/releases/download/v3.1/mimetools.v3.1.x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/plugindemo/releases/download/v4.4/pluginDemo.v4.4.bin.x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/plugintemplate/releases/download/v4.4/pluginTemplate.v4.4.bin.x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/pork2sausage
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/pork2sausage/releases/download/v2.5/pork2sausage.2.5.bin.x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/pork2sausage/releases/download/v2.5/pork2sausage.2.5.bin.x64.zipy
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/selectnlaunch
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npp-plugins/selectnlaunch/releases/download/v2.2/selectNLaunch.v2.2.bin.x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo.
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo/cs-script.npp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo/cs-script.npp/releases/download/v2.0.4.0/CSScriptNpp.2.0.4.0.x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo/cs-script.npp/releases/download/v2.0.4.0/CSScriptNpp.2.0.4.0.x64.zipVe
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo/cs-script.npp/releases/download/v2.0.4.0/CSScriptNpp.2.0.4.0.x64.zipW
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shilo/scripts.npp/releases/download/v2.0.0.0/NppScripts.x64.zip
Source: notepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oleg-shiloy
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oviradoi/npp-explorer-plugin
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oviradoi/npp-explorer-plugin/releases/download/v1.9.9/Explorer_x64.zip
Source: notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oviradoi/npp-explorer-plugin/releases/download/v1.9.9/Explorer_x64.ziplulations.
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oviradoi/npp-explorer-plugin0
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oviradoi/npp-explorer-pluginl
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/p0358/notepadpp-CodeStats
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/p0358/notepadpp-CodeStats/releases/download/v1.1.1/notepadpp-CodeStats_x64.zip
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/p0358/notepadpp-CodeStatsP
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/peter-frentrup/NppMenuSearch
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/compare-plugin
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/compare-plugin/releases/download/v2.0.2/ComparePlugin_v2.0.2_X64.zip
Source: notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/compare-plugin/releases/download/v2.0.2/ComparePlugin_v2.0.2_X64.zips
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/comparePlus
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/comparePlus/releases/download/cp_1.2.0/ComparePlus_cp_1.2.0_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/nppgtags
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pnedev/nppgtags/releases/download/v5.1.2/NppGTags_v5.1.2_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/querykuma/qkNppReverseLines
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028489315.000001ACC3BCD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316978854.000001ACC3BD0000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169091363.000001ACC3BD0000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/querykuma/qkNppReverseLines/releases/download/v1.0.0.0/qkNppReverseLinesPlugin_v1
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rainman74/NPPTextFX2
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rainman74/NPPTextFX2/releases/download/1.4.1/NppTextFX2.1.4.1.x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rainman74/NPPTextFX2/releases/download/1.4.1/NppTextFX2.1.4.1.x64.zipq
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rdipardo/nppFSIPlugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rdipardo/nppFSIPlugin/releases/download/v0.2.2.0/NPPFSIPlugin_v0.2.2.0_x64.zip
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rdipardo/nppFSIPluginH
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rdipardo/nppQrCode
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rdipardo/nppQrCode/releases/download/v0.0.0.2/NppQrCode-0.0.0.2-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/FWDataViz
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/FWDataViz/releases/download/v2.6.3.1/FWDataViz_x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/FWDataViz/releases/download/v2.6.3.1/FWDataViz_x64.zip5
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/FWDataVizpEZT
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/Goto-Line-Col-NPP-Plugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/Goto-Line-Col-NPP-Plugin/releases/download/v2.4.3.0/GotoLineCol_x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shriprem/Goto-Line-Col-NPP-Plugin/releases/download/v2.4.3.0/GotoLineCol_x64.zipp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/shtirlitz-dev/notepadpp-plugin/raw/master/64bit/ShtirlitzNppPlugin.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sieukrem/jn-npp-plugin/releases/download/2.2.185.9/jN_2.2.185.9_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sieukrem/jn-npp-plugin/wiki
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sieukrem/jn-npp-plugin/wiki05q
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sieukrem/jn-npp-plugin/wikiR
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sunjw/jstoolnpp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/superolmo/BigFiles
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/superolmo/BigFiles/releases/download/v0.1.3.x64/BigFiles.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/superolmo/BigFilesh
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/swhitley/ERPHelper/releases/download/v1.1.2/ERPHelper_x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/swhitley/ERPHelper/releases/download/v1.1.2/ERPHelper_x64.zip;
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/swhitley/erphelper
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/swhitley/erphelperyle8
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppColumnTools
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppColumnTools/releases/download/1.4.5.1/ColumnTools-v1.4.5.1-x64.zi
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppColumnToolsu
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppGitSCM
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppGitSCM/releases/download/1.4.9.1/GitSCM-v1.4.9.1-x64.zip
Source: notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316508533.000001ACC3B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppGitSCM/releases/download/1.4.9.1/GitSCM-v1.4.9.1-x64.zip)
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppQuickText
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppQuickText/releases/download/0.2.5.1/QuickText-v0.2.5.1-x64.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppQuickText5
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vinsworldcom/nppQuickTextr
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/viper3400/NppRegExTractor/releases/download/2.1.0/NppRegExTractor_2.1.0_BUILD_6_x
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028411660.000001ACC3BD4000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/viper3400/RegExTractor/wiki/de_userdocumentation
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/vladk1973/npp.connections
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/wakatime/notepadpp-wakatime
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/wakatime/notepadpp-wakatime/releases/download/5.1.1/WakaTime-5.1.1-x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/wakatime/notepadpp-wakatime/releases/download/5.1.1/WakaTime-5.1.1-x64.zipc
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/young-developer/nppNavigateTo
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/young-developer/nppNavigateTo/releases/download/v.2.6.4/NavigateTo_v.2.6.4_v142_x
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/young-developer/nppNavigateTol
Source: notepad++.exe, 00000009.00000002.2316826565.000001ACC3B8F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3B8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.corldcom/nppColumnTools
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/dokutoku/rdmd-for-npp
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/dokutoku/rdmd-for-npp/uploads/8a16e1c6384fb6f14e12bf58ce6741f7/rdmd-ja-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/dokutoku/rdmd-for-npp/uploads/d8a2c4156c0a9dea4726a247e692a8bd/rdmd-en-x64.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jcaillon.github.io/3P/
Source: notepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jcaillon.github.io/3P/J
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mfoster.com/npp/SessionMgr.html
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nea.github.io/MarkdownViewerPlusPlus/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190677875.000001ACC3C5D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2027958592.000001ACC3C3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317540774.000001ACC3C6B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2313157437.000001ACC3C68000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128239982.0000024DE5DFF000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128198327.0000024DE5E30000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2128056315.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000003.2127970528.0000024DE5E2C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497295510.000000000040A000.00000004.00000001.01000000.00000019.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481628764.0000027384725000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738473E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/VersionMajorVersionMinorNoModifyNoRepair/S=0K
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/11059/custom-functions-list-rules
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/12264/function-list-for-new-language
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/12520/function-list-for-simatic
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/12691/function-list-with-java-problems
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/12742/functionlist-different-results-with-different-li
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/12972/trouble-with-defining-a-function-list-entry/7
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/13553/functionlist-xml-regular-expressions-not-parsing
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/community/topic/14494/functionlist-classrange-question
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/donate/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmp, GUP.exe, 0000000A.00000000.2020759345.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/downloads/openid_moreinfohttps://npp-user-manual.org/docs/upgrading/#n
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/downloads/v7.9.2/This
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/downloads/v7.9.2/open
Source: notepad++.exe, 00000009.00000003.2045047109.000001ACC5CDD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2046458936.000001ACC5CDB000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2081536523.000001ACC5CD4000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2184805993.000001ACC5CDC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2318232852.000001ACC5CDD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2046688996.000001ACC5CDD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2081344393.000001ACC5CCD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2046153261.000001ACC5CDC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2082385611.000001ACC5CD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/downloads/v8.6.7/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2176204340.0000024DE5D8C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notepad-plus-plus.org/update/getDownloadUrl.php
Source: notepad++.exe, 00000009.00000002.2315265086.000001ACC382D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169592451.000001ACC3811000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2176444833.000001ACC382D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2170965269.000001ACC3815000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2042725815.0000021B95A31000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043907505.0000021B95A96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044225481.0000021B95A76000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000002.2049986089.0000021B95A96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043610808.0000021B95A68000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043402615.0000021B95A36000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043540267.0000021B95A4E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044500137.0000021B95A7A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043689865.0000021B95A92000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043967910.0000021B95A73000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043873004.0000021B95A6D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044697241.0000021B95A96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963066257.000002738403E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2505744176.0000025E0EEED000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2505551659.0000025E0EEFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://npp-user-manual.org/docs/config-files/#the-context-menu-contextmenu-xml
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://npp-user-manual.org/docs/function-list/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://npp-user-manual.org/docs/plugins/#how-to-develop-a-plugin
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://phdesign.com.au/assets/files/NppToolBucket-1.10-x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://phdesign.com.au/npptoolbucket/
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://planet-cnc.com/notepad-plugin/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://planet-cnc.com/wp-content/uploads/sw/Npp/PlanetCNCNpp64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/p/notepad-plus/discussion/331753/thread/5d9bb881/#e86e
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/p/notepad-plus/patches/597/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/analyseplugin
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2173450822.000001ACC39AF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315544527.000001ACC39BE000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2174166347.000001ACC39AF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/analyseplugin/files/binaries/v01.13-R49/AnalysePlugin-v01.13-R49-x6
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/analyseplugin~
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autocodepage
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autocodepage/files/v1.2.6/plugin/x64/AutoCodepage_v1.2.6_x64.zip
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autocodepage/files/v1.2.6/plugin/x64/AutoCodepage_v1.2.6_x64.zip-10
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autocodepage0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autoeolformat
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autoeolformat/files/v1.0.4/plugin/x64/AutoEolFormat_v1.0.4_x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autoeolformat/files/v1.0.4/plugin/x64/AutoEolFormat_v1.0.4_x64.zipg
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/autoeolformatH
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/customlinenumbers
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/customlinenumbers/files/v1.1.9/plugin/x64/CustomLineNumbers_v1.1.9_
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/customlinenumbers300b4c0e8189
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/extsettings
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/extsettings/files/v1.3.1/plugin/x64/ExtSettings_v1.3.1_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/gedcomlexer/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/gedcomlexer/files/GedcomLexer-0.5.0-r170/GedcomLexer-0.5.0-r170-x64
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/imgtag/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/imgtag/_x64.zipU
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/jsminnpp/files/Uni/JSToolNPP.1.2312.0.uni.64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846A2000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/kered13-notepad-plugins/
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/kered13-notepad-plugins/E25
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/kered13-notepad-plugins/files/Comment%20Wrap%20x64%20v1.0.0.7.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/kered13-notepad-plugins/files/Comment%20Wrap%20x64%20v1.0.0.7.zip7
Source: notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/kered13-notepad-plugins/files/Comment%20Wrap%20x64%20v1.0.0.7.ziper
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/kered13-notepad-plugins/files/Python%20Indent%20x64%20v1.0.0.5.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/C
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/files/LocationNavigate_v0.4.8.1_x64.zip
Source: notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/files/LocationNavigate_v0.4.8.1_x64.zipU/z
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/files/LocationNavigate_v0.4.8.1_x64.zipV
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/files/LocationNavigate_v0.4.8.1_x64.zipt
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/files/NewFileBrowser_v0.1.5_x64.zip
Source: notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/locationnav/files/NewFileBrowser_v0.1.5_x64.zipZ
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846A2000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/notepad-visualstudiolinecopy/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/notepad-visualstudiolinecopy/files/VisualStudioLineCopy%20x64%20v1.
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/npp-customize
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/npp-customize/files/Customize%20Toolbar%20v5.3/CustomizeToolbar_5_3
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846A2000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/npp-plugins/files/NppDocShare/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppactivexplugin/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppactivexplugin/files/bin/ActiveX_x64_1_1_8_7.zip
Source: notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppactivexplugin/files/bin/ActiveX_x64_1_1_8_7.zip)
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppjumplist/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppjumplist/:
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2313894105.000001ACC1819000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppmenusearch/files/v0.9.6/NppMenuSearch_v0.9.6_x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/nppmusicplayer
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/tagleet/
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/tagleet/4.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182960138.000001ACC3C36000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181972948.000001ACC3C2E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317254649.000001ACC3C37000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/tagleet/files/v1.3.2/TagLEET_1.3.2.0.x64.zip
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/wall203102356_293
Source: notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vk.com/wall203102356_293m
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316439104.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wakatime.com
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fesevur.com/nppsnippets
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028411660.000001ACC3BD4000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fesevur.com/npptags
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fesevur.com/selectquotedtext
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fesevur.com/selectquotedtextD
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033206449.000000000019A000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000000.2016361940.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 00000009.00000002.2319288862.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000000.2022748994.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000002.2050782359.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000003.2274660356.000000000079E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497171401.000000000019A000.00000004.00000010.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000000.2476917701.00007FF6E5C4B000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000001C.00000002.2971138093.00007FF6E5C4B000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.gnu.org/licenses/
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000003.1820529024.0000000000703000.00000004.00000020.00020000.00000000.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000003.1819486469.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000003.2274660356.000000000079E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/licenses/why-not-lgpl.html
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000000.2016550409.00007FF6E9DFA000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000002.2051541219.00007FF6E9DFA000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000001C.00000000.2477077881.00007FF6E5D62000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.google.com/search?q=$(CURRENT_WORD)
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.incrediblejunior.com/npp_plugins/
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.incrediblejunior.com/npp_plugins/(5y
Source: notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.incrediblejunior.com/npp_plugins/;
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.orizens.com
Source: notepad++.exe, 00000009.00000003.2178986676.000001ACC36E3000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314603190.000001ACC36E8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179198025.000001ACC3704000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180738485.000001ACC36E8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044823919.0000021B95A3E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2042725815.0000021B95A31000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044598331.0000021B95A3A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043402615.0000021B95A36000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000002.2049858799.0000021B95A58000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2043540267.0000021B95A4E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000002.2049706542.0000021B95A3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2044795186.0000021B95A56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000000B.00000003.2045891135.0000021B95A3F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2962898421.0000027384000000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2963626685.0000027384302000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2505551659.0000025E0EEFD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001D.00000003.2506615324.0000025E0EEFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.php.net/$(CURRENT_WORD)
Source: notepad++.exe, 00000009.00000003.2178986676.000001ACC36E3000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2314603190.000001ACC36E8000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180738485.000001ACC36E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.php.net/$(CURRENT_WORD)0
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.seelisoft.net/Linefilter3/
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.seelisoft.net/Linefilter3/$5m
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846A2000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.seelisoft.net/Linefilter3/Linefilter3_x64.zip
Source: notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.seelisoft.net/Linefilter3/Linefilter3_x64.zip7
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028411660.000001ACC3BD4000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169091363.000001ACC3BE3000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316978854.000001ACC3BE3000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sqlinform.com
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sqlinform.com/npp/SQLinFormNpp64_6.24.04.zip
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 84.32.84.219:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00405846 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405846
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB31FE0 SendDlgItemMessageW,SendDlgItemMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalAlloc,GlobalLock,GlobalUnlock,RegisterClipboardFormatW,SetClipboardData,CloseClipboard,28_2_00007FFE0EB31FE0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE11502A30 GlobalLock,WriteFile,MessageBoxW,GlobalUnlock,GlobalFree,SetClipboardData,GlobalFree,MessageBoxW,28_2_00007FFE11502A30
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE11502900 GlobalLock,WriteFile,MessageBoxW,GlobalUnlock,GlobalFree,SetClipboardData,GlobalFree,MessageBoxW,28_2_00007FFE11502900
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE11502B60 GlobalLock,WriteFile,MessageBoxW,GlobalUnlock,GlobalFree,SetClipboardData,GlobalFree,MessageBoxW,28_2_00007FFE11502B60
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004BF3B0 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,10_2_00007FFE004BF3B0

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 17.2.npp.8.7.Installer.x64.exe.28ea1cb.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects SystemBC Author: ditekSHen
Source: 17.2.npp.8.7.Installer.x64.exe.288d26f.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects SystemBC Author: ditekSHen
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403645
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,14_2_00403645
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,17_2_00403645
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00406DA00_2_00406DA0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4D706010_2_00007FF73E4D7060
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54ED7810_2_00007FF73E54ED78
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E504E6A10_2_00007FF73E504E6A
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E515BCC10_2_00007FF73E515BCC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5409B810_2_00007FF73E5409B8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4CCA7010_2_00007FF73E4CCA70
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4CE72010_2_00007FF73E4CE720
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E51687410_2_00007FF73E516874
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4CF57010_2_00007FF73E4CF570
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4CD38010_2_00007FF73E4CD380
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E501F1A10_2_00007FF73E501F1A
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50901410_2_00007FF73E509014
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E531FD010_2_00007FF73E531FD0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4FEFD010_2_00007FF73E4FEFD0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E53108010_2_00007FF73E531080
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F006010_2_00007FF73E4F0060
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4FD09010_2_00007FF73E4FD090
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E50AB10_2_00007FF73E4E50AB
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E543D9410_2_00007FF73E543D94
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4C7D3010_2_00007FF73E4C7D30
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4CADE010_2_00007FF73E4CADE0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E537E1010_2_00007FF73E537E10
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E509DD410_2_00007FF73E509DD4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52FD9C10_2_00007FF73E52FD9C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E517E2C10_2_00007FF73E517E2C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4D8F1010_2_00007FF73E4D8F10
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E535EE010_2_00007FF73E535EE0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4EDB7010_2_00007FF73E4EDB70
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E513B4810_2_00007FF73E513B48
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E523BCB10_2_00007FF73E523BCB
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52FB9810_2_00007FF73E52FB98
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E531B9810_2_00007FF73E531B98
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50CC2410_2_00007FF73E50CC24
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E1C4010_2_00007FF73E4E1C40
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E530CFC10_2_00007FF73E530CFC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4EFCB010_2_00007FF73E4EFCB0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52298410_2_00007FF73E522984
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52F98C10_2_00007FF73E52F98C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F695E10_2_00007FF73E4F695E
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E51295810_2_00007FF73E512958
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E53096410_2_00007FF73E530964
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E51D93810_2_00007FF73E51D938
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5359D410_2_00007FF73E5359D4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E89C010_2_00007FF73E4E89C0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E519A5010_2_00007FF73E519A50
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E51EA2810_2_00007FF73E51EA28
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F0AE010_2_00007FF73E4F0AE0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E476310_2_00007FF73E4E4763
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52F78810_2_00007FF73E52F788
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54777410_2_00007FF73E547774
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F074010_2_00007FF73E4F0740
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4FC88010_2_00007FF73E4FC880
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E51A83010_2_00007FF73E51A830
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54390010_2_00007FF73E543900
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F58E010_2_00007FF73E4F58E0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E191010_2_00007FF73E4E1910
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E48FC10_2_00007FF73E4E48FC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54D89C10_2_00007FF73E54D89C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4C957010_2_00007FF73E4C9570
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52F57C10_2_00007FF73E52F57C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E957010_2_00007FF73E4E9570
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4DF61010_2_00007FF73E4DF610
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5095EC10_2_00007FF73E5095EC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4EC60010_2_00007FF73E4EC600
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5015D410_2_00007FF73E5015D4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F369010_2_00007FF73E4F3690
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5176F810_2_00007FF73E5176F8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E53D70810_2_00007FF73E53D708
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54E6DC10_2_00007FF73E54E6DC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50D69810_2_00007FF73E50D698
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4EB6D010_2_00007FF73E4EB6D0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E51F6AC10_2_00007FF73E51F6AC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54F37C10_2_00007FF73E54F37C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52F37810_2_00007FF73E52F378
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50639410_2_00007FF73E506394
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52436010_2_00007FF73E524360
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F538010_2_00007FF73E4F5380
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5033E810_2_00007FF73E5033E8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54441410_2_00007FF73E544414
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E53B3D410_2_00007FF73E53B3D4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5323D410_2_00007FF73E5323D4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F23D010_2_00007FF73E4F23D0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4EA42010_2_00007FF73E4EA420
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5474F810_2_00007FF73E5474F8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50B4FC10_2_00007FF73E50B4FC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4DE4B010_2_00007FF73E4DE4B0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E54017C10_2_00007FF73E54017C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4F017010_2_00007FF73E4F0170
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E52616010_2_00007FF73E526160
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E53F14010_2_00007FF73E53F140
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E53C28810_2_00007FF73E53C288
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E626010_2_00007FF73E4E6260
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4C123010_2_00007FF73E4C1230
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5252D810_2_00007FF73E5252D8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5092EC10_2_00007FF73E5092EC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E49F010_2_00007FFE004E49F0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F6CB010_2_00007FFE004F6CB0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004FEDB010_2_00007FFE004FEDB0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00508E5010_2_00007FFE00508E50
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004B73F010_2_00007FFE004B73F0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E3A9A10_2_00007FFE004E3A9A
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004CFAD010_2_00007FFE004CFAD0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00507D7610_2_00007FFE00507D76
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052207C10_2_00007FFE0052207C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0053205810_2_00007FFE00532058
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052C1F810_2_00007FFE0052C1F8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0051E25810_2_00007FFE0051E258
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004DC2E010_2_00007FFE004DC2E0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E658010_2_00007FFE004E6580
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004BE5E010_2_00007FFE004BE5E0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004D268010_2_00007FFE004D2680
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0051875C10_2_00007FFE0051875C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052C8A810_2_00007FFE0052C8A8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0051E91810_2_00007FFE0051E918
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0051ABA010_2_00007FFE0051ABA0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00504BC010_2_00007FFE00504BC0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00518C6810_2_00007FFE00518C68
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052CD3C10_2_00007FFE0052CD3C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00500D7010_2_00007FFE00500D70
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F6F3010_2_00007FFE004F6F30
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00534F6810_2_00007FFE00534F68
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004FB00010_2_00007FFE004FB000
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004C902010_2_00007FFE004C9020
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052112810_2_00007FFE00521128
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052B1BC10_2_00007FFE0052B1BC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0051B1E810_2_00007FFE0051B1E8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E925010_2_00007FFE004E9250
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052132C10_2_00007FFE0052132C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052D3BC10_2_00007FFE0052D3BC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004BF3B010_2_00007FFE004BF3B0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052153010_2_00007FFE00521530
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0053187010_2_00007FFE00531870
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004FF9E010_2_00007FFE004FF9E0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004BBA8010_2_00007FFE004BBA80
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00531AEC10_2_00007FFE00531AEC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00521B7410_2_00007FFE00521B74
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004E5C0010_2_00007FFE004E5C00
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004DFD6010_2_00007FFE004DFD60
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052DE0010_2_00007FFE0052DE00
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F3EF010_2_00007FFE004F3EF0
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00406DA014_2_00406DA0
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00406DA017_2_00406DA0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB4AF1428_2_00007FFE0EB4AF14
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3D6DC28_2_00007FFE0EB3D6DC
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3BE9028_2_00007FFE0EB3BE90
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB336A028_2_00007FFE0EB336A0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB41FFC28_2_00007FFE0EB41FFC
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB47F5028_2_00007FFE0EB47F50
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3BC8C28_2_00007FFE0EB3BC8C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB4249028_2_00007FFE0EB42490
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB31C5028_2_00007FFE0EB31C50
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB4B46028_2_00007FFE0EB4B460
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB455D428_2_00007FFE0EB455D4
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3CD4C28_2_00007FFE0EB3CD4C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB42B1028_2_00007FFE0EB42B10
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3DAE028_2_00007FFE0EB3DAE0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3BA8028_2_00007FFE0EB3BA80
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3C2A028_2_00007FFE0EB3C2A0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB483EC28_2_00007FFE0EB483EC
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB408FC28_2_00007FFE0EB408FC
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3C09C28_2_00007FFE0EB3C09C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3B87C28_2_00007FFE0EB3B87C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB4E1C828_2_00007FFE0EB4E1C8
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB319A028_2_00007FFE0EB319A0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150B94428_2_00007FFE1150B944
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE11507A1828_2_00007FFE11507A18
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150AE1428_2_00007FFE1150AE14
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE115154B828_2_00007FFE115154B8
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150FF8C28_2_00007FFE1150FF8C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE11507C0028_2_00007FFE11507C00
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150783028_2_00007FFE11507830
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE115087C028_2_00007FFE115087C0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE115082B828_2_00007FFE115082B8
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150225028_2_00007FFE11502250
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150D27028_2_00007FFE1150D270
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150FB0028_2_00007FFE1150FB00
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150B2C428_2_00007FFE1150B2C4
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A51168028_2_00007FFE1A511680
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A511A7028_2_00007FFE1A511A70
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A52371828_2_00007FFE1A523718
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A511AC028_2_00007FFE1A511AC0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A511AD028_2_00007FFE1A511AD0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A512FB028_2_00007FFE1A512FB0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A51181028_2_00007FFE1A511810
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A511CB028_2_00007FFE1A511CB0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A5114F028_2_00007FFE1A5114F0
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A51D18428_2_00007FFE1A51D184
Source: C:\Program Files\Notepad++\notepad++.exeCode function: String function: 00007FFE0EB321E0 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: String function: 00402DAB appears 50 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004C0A10 appears 332 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004C0AB0 appears 49 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004DF210 appears 34 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE0051F720 appears 47 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004FABB0 appears 35 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004F5250 appears 37 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004C0920 appears 443 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004EC010 appears 48 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004F52C0 appears 78 times
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: String function: 00007FFE004DF160 appears 54 times
Source: C:\Program Files\Notepad++\notepad++.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6976 -s 1252
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNppExport.dll4 vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamebase64.dll4 vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNppConverter.dll< vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegup.exeJ vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcurl.dllB vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenppPluginList.dllT vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNppShell.dll4 vs npp.8.6.7.Installer.x64.exe
Source: npp.8.6.7.Installer.x64.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 17.2.npp.8.7.Installer.x64.exe.28ea1cb.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 17.2.npp.8.7.Installer.x64.exe.288d26f.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: * Step 2: Open [`vcproj\GUP.sln`](https://github.com/gup4win/wingup/blob/master/vcproj/GUP.sln) with VS2022.
Source: classification engineClassification label: sus26.evad.winEXE@33/380@3/4
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403645
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,14_2_00403645
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,17_2_00403645
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00404AF2 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AF2
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_004021AF CoCreateInstance,0_2_004021AF
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB32380 FindResourceW,LoadResource,LockResource,SizeofResource,GlobalAlloc,GlobalLock,CreateDialogIndirectParamW,GlobalFree,CreateDialogParamW,GetLastError,MessageBoxA,SendMessageW,28_2_00007FFE0EB32380
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++Jump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Roaming\Notepad++Jump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeMutant created: \Sessions\1\BaseNamedObjects\nppInstance
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6976
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsgCB92.tmpJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe
Source: unknownProcess created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe
Source: unknownProcess created: C:\Windows\explorer.exe
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\explorer.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe
Source: npp.8.6.7.Installer.x64.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
Source: GUP.exeString found in binary or memory: --help
Source: GUP.exeString found in binary or memory: --help
Source: GUP.exeString found in binary or memory: Usage : gup --help gup -options gup [-verbose] [-vVERSION_VALUE] [-pCUSTOM_PARAM] gup -clean FOLDER_TO_ACTION gup -unzipTo [-clea
Source: GUP.exeString found in binary or memory: Usage : gup --help gup -options gup [-verbose] [-vVERSION_VALUE] [-pCUSTOM_PARAM] gup -clean FOLDER_TO_ACTION gup -unzipTo [-clea
Source: GUP.exeString found in binary or memory: Usage :gup --helpgup -optionsgup [-verbose] [-vVERSION_VALUE] [-pCUSTOM_PARAM]gup -clean FOLDER_TO_ACTIONgup -unzipTo [-clea
Source: GUP.exeString found in binary or memory: Usage :gup --helpgup -optionsgup [-verbose] [-vVERSION_VALUE] [-pCUSTOM_PARAM]gup -clean FOLDER_TO_ACTIONgup -unzipTo [-clea
Source: notepad++.exeString found in binary or memory: <!--StartFragment-->
Source: notepad++.exeString found in binary or memory: <!--StartFragment-->
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile read: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe"
Source: C:\Program Files\Notepad++\notepad++.exeProcess created: C:\Program Files\Notepad++\updater\GUP.exe "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
Source: C:\Program Files\Notepad++\updater\GUP.exeProcess created: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe "C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe"
Source: C:\Program Files\Notepad++\updater\GUP.exeProcess created: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe "C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe"
Source: C:\Program Files\Notepad++\notepad++.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6976 -s 1252
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe"
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"Jump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"Jump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log" Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"Jump to behavior
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe" Jump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess created: C:\Program Files\Notepad++\updater\GUP.exe "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64Jump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeProcess created: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe "C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Windows\explorer.exe "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Windows\explorer.exeProcess created: C:\Program Files\Notepad++\notepad++.exe "C:\Program Files\Notepad++\notepad++.exe"
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: sensapi.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: edputil.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: slc.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: sppc.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: libcurl.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: secur32.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: edputil.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: slc.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: sppc.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: mpr.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: apphelp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: version.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: sensapi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wininet.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: msasn1.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wldp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dll
Source: C:\Windows\explorer.exeSection loaded: aepic.dll
Source: C:\Windows\explorer.exeSection loaded: twinapi.dll
Source: C:\Windows\explorer.exeSection loaded: ntmarta.dll
Source: C:\Windows\explorer.exeSection loaded: userenv.dll
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dll
Source: C:\Windows\explorer.exeSection loaded: powrprof.dll
Source: C:\Windows\explorer.exeSection loaded: cryptsp.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: dxgi.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: propsys.dll
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dll
Source: C:\Windows\explorer.exeSection loaded: urlmon.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dll
Source: C:\Windows\explorer.exeSection loaded: wininet.dll
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dll
Source: C:\Windows\explorer.exeSection loaded: dwmapi.dll
Source: C:\Windows\explorer.exeSection loaded: sspicli.dll
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: wldp.dll
Source: C:\Windows\explorer.exeSection loaded: iertutil.dll
Source: C:\Windows\explorer.exeSection loaded: srvcli.dll
Source: C:\Windows\explorer.exeSection loaded: netutils.dll
Source: C:\Windows\explorer.exeSection loaded: umpdc.dll
Source: C:\Windows\explorer.exeSection loaded: ninput.dll
Source: C:\Windows\explorer.exeSection loaded: explorerframe.dll
Source: C:\Windows\explorer.exeSection loaded: actxprxy.dll
Source: C:\Windows\explorer.exeSection loaded: aepic.dll
Source: C:\Windows\explorer.exeSection loaded: twinapi.dll
Source: C:\Windows\explorer.exeSection loaded: userenv.dll
Source: C:\Windows\explorer.exeSection loaded: ntmarta.dll
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dll
Source: C:\Windows\explorer.exeSection loaded: powrprof.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: dxgi.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: propsys.dll
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dll
Source: C:\Windows\explorer.exeSection loaded: urlmon.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dll
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dll
Source: C:\Windows\explorer.exeSection loaded: wininet.dll
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dll
Source: C:\Windows\explorer.exeSection loaded: dwmapi.dll
Source: C:\Windows\explorer.exeSection loaded: sspicli.dll
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exeSection loaded: wldp.dll
Source: C:\Windows\explorer.exeSection loaded: iertutil.dll
Source: C:\Windows\explorer.exeSection loaded: srvcli.dll
Source: C:\Windows\explorer.exeSection loaded: netutils.dll
Source: C:\Windows\explorer.exeSection loaded: cryptsp.dll
Source: C:\Windows\explorer.exeSection loaded: umpdc.dll
Source: C:\Windows\explorer.exeSection loaded: ninput.dll
Source: C:\Windows\explorer.exeSection loaded: explorerframe.dll
Source: C:\Windows\explorer.exeSection loaded: actxprxy.dll
Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\explorer.exeSection loaded: edputil.dll
Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dll
Source: C:\Windows\explorer.exeSection loaded: policymanager.dll
Source: C:\Windows\explorer.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\explorer.exeSection loaded: wintypes.dll
Source: C:\Windows\explorer.exeSection loaded: appresolver.dll
Source: C:\Windows\explorer.exeSection loaded: bcp47langs.dll
Source: C:\Windows\explorer.exeSection loaded: slc.dll
Source: C:\Windows\explorer.exeSection loaded: sppc.dll
Source: C:\Windows\explorer.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\explorer.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\explorer.exeSection loaded: apphelp.dll
Source: C:\Windows\explorer.exeSection loaded: pcacli.dll
Source: C:\Windows\explorer.exeSection loaded: mpr.dll
Source: C:\Windows\explorer.exeSection loaded: sfc_os.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: apphelp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: version.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: sensapi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wininet.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: msasn1.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wldp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: textshaping.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dataexchange.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: d3d11.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dcomp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dxgi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: d2d1.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dwrite.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: iconcodecservice.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: textinputframework.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: coremessaging.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: ntmarta.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wintypes.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wintypes.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wintypes.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: iertutil.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: propsys.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: d3d10warp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dxcore.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: apphelp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dbghelp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: version.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: sensapi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wininet.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: uxtheme.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: dwmapi.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: msasn1.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: wldp.dll
Source: C:\Program Files\Notepad++\notepad++.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Notepad++.lnk.0.drLNK file: ..\..\..\..\..\Program Files\Notepad++\notepad++.exe
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile written: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\ioSpecial.iniJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeWindow found: window name: SysTabControl32Jump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAutomated click: OK
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAutomated click: Next >
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAutomated click: Next >
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAutomated click: Next >
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeAutomated click: I Agree
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeWindow detected: < &BackI &AgreeCancelThe best things in life are free. Notepad++ is free so Notepad++ is the best The best things in life are free. Notepad++ is free so Notepad++ is the bestLicense AgreementPlease review the license terms before installing Notepad++ v8.6.7.Press Page Down to see the rest of the agreement.COPYING -- Describes the terms under which Notepad++ is distributed.A copy of the GNU GPL is appended to this file.IMPORTANT NOTEPAD++ LICENSE TERMSCopyright (C)2021 Don HO <don.h@free.fr>. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 3 with the clarifications and exceptions described below. This guarantees your right to use modify and redistribute this software under certain conditions.This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.******************************************************************GNU GENERAL PUBLIC LICENSEVersion 3 29 June 2007Copyright (C) 2007 Free Software Foundation Inc. <https://fsf.org/>Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed.PreambleThe GNU General Public License is a free copyleft license for software and other kinds of works.The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We the Free Software Foundation use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs too.When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things.To protect your rights we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore you have certain responsibilities if you distribute copies of the software or if you modify it: responsibilities to respect the freedom of others.For example if you distribute copies of such a program whether gratis or for a fee you must pass on to the recipients the same freedoms that you received. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights.Developers that use the GNU GPL protect your rights with two steps: (1) as
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeWindow detected: < &BackI &AgreeCancelThe best things in life are free. Notepad++ is free so Notepad++ is the best The best things in life are free. Notepad++ is free so Notepad++ is the bestLicense AgreementPlease review the license terms before installing Notepad++ v8.7.Press Page Down to see the rest of the agreement.COPYING -- Describes the terms under which Notepad++ is distributed.A copy of the GNU GPL is appended to this file.IMPORTANT NOTEPAD++ LICENSE TERMSCopyright (C)2021 Don HO <don.h@free.fr>. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 3 with the clarifications and exceptions described below. This guarantees your right to use modify and redistribute this software under certain conditions.This program is distributed in the hope that it will be useful but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.******************************************************************GNU GENERAL PUBLIC LICENSEVersion 3 29 June 2007Copyright (C) 2007 Free Software Foundation Inc. <https://fsf.org/>Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed.PreambleThe GNU General Public License is a free copyleft license for software and other kinds of works.The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We the Free Software Foundation use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs too.When we speak of free software we are referring to freedom not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish) that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things.To protect your rights we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore you have certain responsibilities if you distribute copies of the software or if you modify it: responsibilities to respect the freedom of others.For example if you distribute copies of such a program whether gratis or for a fee you must pass on to the recipients the same freedoms that you received. You must make sure that they too receive or can get the source code. And you must show them these terms so they know their rights.Developers that use the GNU GPL protect your rights with two steps: (1) asse
Source: C:\Program Files\Notepad++\notepad++.exeWindow detected: Number of UI elements: 11
Source: C:\Program Files\Notepad++\notepad++.exeWindow detected: Number of UI elements: 11
Source: C:\Program Files\Notepad++\notepad++.exeWindow detected: Number of UI elements: 11
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++Jump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletionJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\c.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cpp.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\java.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cs.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\html.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\rc.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\sql.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\php.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\css.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\vb.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\perl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\javascript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\python.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\actionscript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\lisp.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\vhdl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\tex.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\xml.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\nsis.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cmake.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\batch.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\coffee.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\BaanC.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\lua.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\autoit.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\cobol.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\typescript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\powershell.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\gdscript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\go.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\autoCompletion\raku.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionListJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\c.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cpp.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\java.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cs.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\asm.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\bash.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\sql.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\php.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cobol-free.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\cobol.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\perl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\javascript.js.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\python.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\lua.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\ini.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\inno.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\vhdl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\krl.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\nsis.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\powershell.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\batch.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\ruby.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\baanc.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\sinumerik.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\autoit.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\universe_basic.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\xml.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\ada.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\fortran.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\fortran77.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\haskell.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\rust.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\typescript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\pascal.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\gdscript.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\raku.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\hollywood.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\nppexec.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\overrideMap.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\pluginsJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppExportJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppExport\NppExport.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\mimeToolsJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppConverterJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updaterJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\GUP.exeJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\libcurl.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\gup.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\LICENSEJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\README.mdJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\updater\updater.icoJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\ConfigJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\langs.model.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\stylers.model.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\shortcuts.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\nppLogNulContentCorruptionIssue.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\LICENSEJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\change.logJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\readme.txtJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\notepad++.exeJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\localizationJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\localization\english.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\disabledJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themesJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\DarkModeDefault.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Black board.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Choco.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Hello Kitty.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Mono Industrial.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Monokai.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Obsidian.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Plastic Code Wrap.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Ruby Blue.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Twilight.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Vibrant Ink.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Deep Black.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\vim Dark Blue.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Bespin.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Zenburn.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Solarized.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Solarized-light.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\HotFudgeSundae.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\khaki.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\MossyLawn.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\Navajo.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\themes\DansLeRuSH-Dark.xmlJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenuJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu\NppShell.msixJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu\NppShell.dllJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\uninstall.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\toml.xml
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\tex.xml
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\functionList\latex.xml
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDirectory created: C:\Program Files\Notepad++\contextMenu\NppShell.dll
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++Jump to behavior
Source: npp.8.6.7.Installer.x64.exeStatic PE information: certificate valid
Source: npp.8.6.7.Installer.x64.exeStatic file information: File size 4854296 > 1048576
Source: npp.8.6.7.Installer.x64.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\sources\nppShell\x64\Release\NppShell.x64.pdb3 source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sources\nppShell\x64\Release\NppShell.x64.pdb source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sources\nppPluginList\bin64\nppPluginList.pdb source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F6CB0 WSAStartup,WSACleanup,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,QueryPerformanceFrequency,10_2_00007FFE004F6CB0
Source: NppExport.dll.0.drStatic PE information: section name: _RDATA
Source: mimeTools.dll.0.drStatic PE information: section name: _RDATA
Source: NppConverter.dll.0.drStatic PE information: section name: _RDATA
Source: libcurl.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4E0723 push C0950F00h; ret 10_2_00007FF73E4E0728
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004CC63F push 770001C3h; ret 10_2_00007FFE004CC649
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\notepad++.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\updater\libcurl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\LangDLL.dllJump to dropped file
Source: C:\Program Files\Notepad++\updater\GUP.exeFile created: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nsDialogs.dllJump to dropped file
Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\temDE2B.tmp (copy)Jump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\uninstall.exeJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\updater\GUP.exeJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\plugins\NppExport\NppExport.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile created: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\contextMenu\NppShell.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile created: C:\Program Files\Notepad++\readme.txtJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Notepad++\notepad++.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Notepad++\updater\GUP.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_10-114619
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\LangDLL.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nsDialogs.dllJump to dropped file
Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\temDE2B.tmp (copy)Jump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\uninstall.exeJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\updater\GUP.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\plugins\NppExport\NppExport.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\contextMenu\NppShell.dllJump to dropped file
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeDropped PE file which has not been started: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dllJump to dropped file
Source: C:\Program Files\Notepad++\updater\GUP.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_10-114009
Source: C:\Program Files\Notepad++\notepad++.exeAPI coverage: 1.3 %
Source: C:\Program Files\Notepad++\notepad++.exe TID: 1712Thread sleep time: -504000s >= -30000sJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exe TID: 5756Thread sleep time: -2317000s >= -30000s
Source: C:\Program Files\Notepad++\notepad++.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeFile Volume queried: C:\Program Files FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile Volume queried: C:\Program Files\Notepad++ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeFile Volume queried: C:\Program Files\Notepad++ FullSizeInformation
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00402910 FindFirstFileW,0_2_00402910
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_004069DF FindFirstFileW,FindClose,0_2_004069DF
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D8E
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052DE00 FindFirstFileExW,10_2_00007FFE0052DE00
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00402910 FindFirstFileW,14_2_00402910
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_004069DF FindFirstFileW,FindClose,14_2_004069DF
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 14_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,14_2_00405D8E
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00402910 FindFirstFileW,17_2_00402910
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_004069DF FindFirstFileW,FindClose,17_2_004069DF
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeCode function: 17_2_00405D8E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,17_2_00405D8E
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB455D4 FindFirstFileExW,28_2_00007FFE0EB455D4
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150D270 FindFirstFileExW,28_2_00007FFE1150D270
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A51D184 FindFirstFileExW,28_2_00007FFE1A51D184
Source: npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <KeyWord name="Get-NetEventVmNetworkAdapter" />
Source: npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <KeyWord name="Remove-NetEventVmNetworkAdapter" />
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <KeyWord name="OMGVMCID" />
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <KeyWord name="VirtualMachineError" />
Source: explorer.exe, 0000001B.00000002.2959986429.0000000000CD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\*m
Source: npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <KeyWord name="Add-NetEventVmNetworkAdapter" />
Source: npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <KeyWord name="SUNVMCID" />
Source: GUP.exe, 0000000A.00000002.2176204340.0000024DE5DA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeAPI call chain: ExitProcess graph end nodegraph_0-3698
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeAPI call chain: ExitProcess graph end node

Anti Debugging

barindex
Found API chain indicative of debugger detection
Source: C:\Program Files\Notepad++\updater\GUP.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_10-113355
Source: C:\Program Files\Notepad++\notepad++.exeProcess queried: DebugPortJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeProcess queried: DebugPortJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50034C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF73E50034C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F6CB0 WSAStartup,WSACleanup,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,QueryPerformanceFrequency,10_2_00007FFE004F6CB0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE0052F6EC GetProcessHeap,10_2_00007FFE0052F6EC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E4FFEA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF73E4FFEA8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50052C SetUnhandledExceptionFilter,10_2_00007FF73E50052C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E50034C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF73E50034C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E5383EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF73E5383EC
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE005274C4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FFE005274C4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00511570 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FFE00511570
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00511FE4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FFE00511FE4
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB3EFAC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE0EB3EFAC
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB34D0C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE0EB34D0C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE0EB34130 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FFE0EB34130
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150418C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE1150418C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1150A54C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE1150A54C
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE11503918 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FFE11503918
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A514ECC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE1A514ECC
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A51A778 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FFE1A51A778
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 28_2_00007FFE1A514410 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FFE1A514410
Source: C:\Program Files\Notepad++\notepad++.exeProcess created: C:\Program Files\Notepad++\updater\GUP.exe "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64Jump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeProcess created: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe "C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe" Jump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE00534DB0 cpuid 10_2_00007FFE00534DB0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: EnumSystemLocalesW,10_2_00007FF73E54BF98
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: EnumSystemLocalesW,10_2_00007FF73E54BEC8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,10_2_00007FF73E54BB6C
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: GetLocaleInfoW,10_2_00007FF73E546970
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_00007FF73E54C5B4
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: EnumSystemLocalesW,10_2_00007FF73E5463D8
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: GetLocaleInfoEx,10_2_00007FF73E5273D0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,10_2_00007FF73E54C3D0
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\Notepad++\notepad++.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files\Notepad++\notepad++.exeCode function: 9_2_00007FF6E9C3FAC0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,9_2_00007FF6E9C3FAC0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FF73E547774 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,10_2_00007FF73E547774
Source: C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exeCode function: 0_2_00403645 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403645
Source: C:\Program Files\Notepad++\notepad++.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F25E0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,10_2_00007FFE004F25E0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F8D5A bind,WSAGetLastError,10_2_00007FFE004F8D5A
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004B6DD0 htons,htons,htons,bind,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,10_2_00007FFE004B6DD0
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004F8F90 bind,WSAGetLastError,10_2_00007FFE004F8F90
Source: C:\Program Files\Notepad++\updater\GUP.exeCode function: 10_2_00007FFE004C9020 getsockname,WSAGetLastError,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,getsockname,WSAGetLastError,listen,WSAGetLastError,htons,10_2_00007FFE004C9020

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Native API		1
DLL Side-Loading		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		OS Credential Dumping2
System Time Discovery		1
Exploitation of Remote Services		12
Archive Collected Data		2
Ingress Tool Transfer		Exfiltration Over Other Network Medium1
Data Encrypted for Impact
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		1
DLL Search Order Hijacking		1
DLL Search Order Hijacking		2
Obfuscated Files or Information		LSASS Memory3
File and Directory Discovery		Remote Desktop Protocol2
Clipboard Data		21
Encrypted Channel		Exfiltration Over Bluetooth1
System Shutdown/Reboot
Email AddressesDNS ServerDomain AccountsAt1
Windows Service		1
Access Token Manipulation		1
DLL Side-Loading		Security Account Manager36
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Windows Service		1
DLL Search Order Hijacking		NTDS131
Security Software Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script11
Process Injection		3
Masquerading		LSA Secrets12
Virtualization/Sandbox Evasion		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
Virtualization/Sandbox Evasion		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Access Token Manipulation		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
Process Injection		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
Regsvr32		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
Rundll32		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1531792 Sample: npp.8.6.7.Installer.x64.exe Startdate: 11/10/2024 Architecture: WINDOWS Score: 26 74 objects.githubusercontent.com 2->74 76 notepad-plus-plus.org 2->76 78 github.com 2->78 86 Malicious sample detected (through community Yara rule) 2->86 88 Found API chain indicative of debugger detection 2->88 11 npp.8.6.7.Installer.x64.exe 207 303 2->11         started        14 explorer.exe 2->14         started        16 explorer.exe 2->16         started        signatures3 process4 file5 64 C:\Program Files64otepad++\updaterbehaviorgraphUP.exe, PE32+ 11->64 dropped 66 C:\Users\user\AppData\Local\...\nsDialogs.dll, PE32 11->66 dropped 68 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 11->68 dropped 70 11 other files (none is malicious) 11->70 dropped 18 regsvr32.exe 11->18         started        20 explorer.exe 1 11->20         started        22 notepad++.exe 11->22         started        24 notepad++.exe 9 14->24         started        26 notepad++.exe 16->26         started        process6 process7 28 regsvr32.exe 7 18->28         started        30 GUP.exe 2 24->30         started        34 WerFault.exe 24->34         started        dnsIp8 80 notepad-plus-plus.org 84.32.84.219, 443, 49739 NTT-LT-ASLT Lithuania 30->80 82 github.com 140.82.121.3, 443, 49745 GITHUBUS United States 30->82 84 2 other IPs or domains 30->84 72 C:\Users\user\...\npp.8.7.Installer.x64.exe, PE32 30->72 dropped 36 npp.8.7.Installer.x64.exe 30->36         started        39 npp.8.7.Installer.x64.exe 30->39         started        file9 process10 file11 56 C:\Users\user\AppData\Local\...\nsDialogs.dll, PE32 36->56 dropped 58 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 36->58 dropped 60 C:\Users\user\AppData\Local\...\System.dll, PE32 36->60 dropped 62 2 other files (none is malicious) 36->62 dropped 41 rundll32.exe 36->41         started        43 regsvr32.exe 36->43         started        45 explorer.exe 36->45         started        47 notepad++.exe 36->47         started        process12 process13 49 rundll32.exe 41->49         started        52 regsvr32.exe 43->52         started        file14 54 C:\Users\user\AppData\...\temDE2B.tmp (copy), PE32+ 49->54 dropped

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
npp.8.6.7.Installer.x64.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\Notepad++\contextMenu\NppShell.dll0%ReversingLabs
C:\Program Files\Notepad++\notepad++.exe0%ReversingLabs
C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll0%ReversingLabs
C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll0%ReversingLabs
C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll0%ReversingLabs
C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll0%ReversingLabs
C:\Program Files\Notepad++\uninstall.exe0%ReversingLabs
C:\Program Files\Notepad++\updater\GUP.exe0%ReversingLabs
C:\Program Files\Notepad++\updater\libcurl.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\InstallOptions.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\LangDLL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\UserInfo.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nsDialogs.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\InstallOptions.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\LangDLL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\UserInfo.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nsDialogs.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\temDE2B.tmp (copy)0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
notepad-plus-plus.org
84.32.84.219
truefalse
    		unknown
    github.com
    		140.82.121.3
    		truefalse
      		unknown
      objects.githubusercontent.com
      		185.199.110.133
      		truefalse
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://github.com/Jiangshan00001/npp_MZC8051/releases/download/0.0.1/MZC8051_x64.zipY/vnotepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpfalse
          		unknown
          https://sourceforge.net/projects/kered13-notepad-plugins/files/Comment%20Wrap%20x64%20v1.0.0.7.zip7notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmpfalse
            		unknown
            https://github.com/gurikbal/Remove_dup_linesnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              https://gitlab.com/dokutoku/rdmd-for-npp/uploads/8a16e1c6384fb6f14e12bf58ce6741f7/rdmd-ja-x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://github.com/peter-frentrup/NppMenuSearchnotepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://github.com/vinsworldcom/nppGitSCMnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://github.com/npp-plugins/converter/releases/download/v4.6/nppConvert.v4.6.x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://github.com/rainman74/NPPTextFX2npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://github.com/vinsworldcom/nppQuickTextrnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://notepad-plus-plus.org/update/getDownloadUrl.phpnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2176204340.0000024DE5D8C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://github.com/ffes/nppsnippets/releases/download/v1.7.1/NppSnippets-171-x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://github.com/oleg-shiloynotepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://github.com/shriprem/FWDataVizpEZTnotepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://github.com/Chocobo1/nppAutoDetectIndentnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://sourceforge.net/projects/extsettingsnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://github.com/chcg/rustnpp/releases/download/1.0.2/rustnpp_1.0.2_x86_64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://sourceforge.net/projects/autoeolformat/files/v1.0.4/plugin/x64/AutoEolFormat_v1.0.4_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://github.com/Predelnik/DSpellCheck/releases/download/v1.5.0/DSpellCheck_x64.zip=/notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://github.com/eljefe7000/RestApiToText/raw/master/x64/Release/v1.4.0.1/RestApiToText.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://www.incrediblejunior.com/npp_plugins/;notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://github.com/DominicTobias/SecurePadnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://github.com/dail8859/SurroundSelectionanotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://github.com/davidsover/nppJSFunctionViewer/releases/download/v1.1.0/JSFunctionViewer_x64.zipEnotepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://sourceforge.net/projects/autoeolformatHnotepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://github.com/editorconfig/editorconfig-notepad-plus-plus4notepad++.exe, 00000009.00000002.2314048585.000001ACC185A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2177438511.000001ACC184E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://github.com/gurikbal/Remove_dup_lines/releases/download/1.3.0.2/Remove_dup_lines_x64.zip0notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://github.com/BdR76/RandomValuesNPP/_x64.zipnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://github.com/pnedev/nppgtags/releases/download/v5.1.2/NppGTags_v5.1.2_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://www.fesevur.com/npptagsnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2183719114.000001ACC3B7C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2162879790.000001ACC3B79000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028411660.000001ACC3BD4000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316786683.000001ACC3B7D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481893248.000002738469F000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://wiseheartdesign.com/articles/2006/03/11/ruby-blue-textmate-theme)npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://github.com/young-developer/nppNavigateTolnotepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://github.com/oleg-shilo.notepad++.exe, 00000009.00000003.2028163165.000001ACC3B96000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://sourceforge.net/p/notepad-plus/patches/613/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://github.com/chcg/SpeechPluginnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://github.com/p0358/notepadpp-CodeStats/releases/download/v1.1.1/notepadpp-CodeStats_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://sourceforge.net/p/notepad-plus/patches/597/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://sourceforge.net/projects/locationnav/Cnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://bitbucket.org/uph0/filefinderoZnotepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://github.com/ScienceDiscoverer/CommentTogglernpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316577282.000001ACC3B58000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://github.com/blu3mania/npp-papyrusnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://github.com/gup4win/wingup).npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://bitbucket.org/rdipardo/dbgp/downloads/dbgpPlugin_v0.14.2.1_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A5E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://github.com/Jiangshan00001/npp_MZC8051/releases/download/0.0.1/MZC8051_x64.zipnotepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://github.com/SinghRajenM/nppURLPluginnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://github.com/heldersepu/nppfavorites/releases/download/1.0.0.1.21/NppFavorites_1.0.0.1.21_x64.npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://github.com/michaelxzhang/Npp-Highlighternpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://github.com/BdR76/RandomValuesNPP/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://github.com/chcg/JumpList/releases/download/1.2.2.10/NppJumpList_1.2.2.10_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2313894105.000001ACC1819000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384651000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://notepad-plus-plus.org/community/topic/12972/trouble-with-defining-a-function-list-entry/7npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://github.com/joaoasrosa/nppxmltreeview/releases/download/v2.0.0/NppXMLTreeViewPlugin_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://curl.se/Vnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, GUP.exe, 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://www.fesevur.com/nppsnippetsnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://sourceforge.net/projects/analyseplugin~notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://github.com/dominikcebula/npp-java-plugin/releases/download/v0.4.0/NppJavaPlugin_v0.4.0_x64.znpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://www.incrediblejunior.com/npp_plugins/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://github.com/Coises/ColumnsPlusPlusnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://github.com/swhitley/erphelperyle8notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://www.gnu.org/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2033206449.000000000019A000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://github.com/Dook1/Bookmarks-Dook/releases/download/v4.0.4/BookmarksDook.64.4.0.4.zipMnotepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://github.com/oleg-shilo/cs-script.npp/releases/download/v2.0.4.0/CSScriptNpp.2.0.4.0.x64.zipVenotepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://github.com/michaelxzhang/Npp-Highlighteripnotepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://wakatime.comnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316439104.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://www.google.com/search?q=$(CURRENT_WORD)npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000000.2016550409.00007FF6E9DFA000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000002.2051541219.00007FF6E9DFA000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000001C.00000000.2477077881.00007FF6E5D62000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://github.com/vinsworldcom/nppColumnTools/releases/download/1.4.5.1/ColumnTools-v1.4.5.1-x64.zinotepad++.exe, 00000009.00000003.2182501875.000001ACC3A47000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A48000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315795906.000001ACC3A49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A45000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://github.com/azerg/NppBplistPluginory.vnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://github.com/gurikbal/Merge-files-in-onenpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://bitbucket.org/rdipardo/htmltag/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://github.com/chcg/NPP_HexEdit/releases/download/0.9.12/HexEditor_0.9.12_x64.zip2notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                https://www.seelisoft.net/Linefilter3/Linefilter3_x64.zip7notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://github.com/Pascal-Krenckel/NppGZipFileViewer/releases/download/v3.0.1/NppGZipFileViewerX64.tnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://github.com/chcg/NPP_HexEditase.uZnotepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://github.com/shriprem/Goto-Line-Col-NPP-Plugin/releases/download/v2.4.3.0/GotoLineCol_x64.zippnotepad++.exe, 00000009.00000002.2315754447.000001ACC3A34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://github.com/francostellari/NppPlugins/raw/main/TakeNotes/TakeNotes_dll_1v27_x64.zipVnotepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          https://sourceforge.net/projects/tagleet/4.zipnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://creativecommons.org/licenses/by-nc-sa/3.0/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://github.com/molsonkiko/HugeFiles/notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                https://sourceforge.net/projects/extsettings/files/v1.3.1/plugin/x64/ExtSettings_v1.3.1_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182879569.000001ACC3B49000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://github.com/francostellari/NppPluginsH5Ynotepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://sourceforge.net/projects/gedcomlexer/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://github.com/eljefe7000/RestApiToTextnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://sourceforge.net/projects/customlinenumbers300b4c0e8189notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://community.notepad-plus-plus.org/topic/11554/function-list-for-vhdlnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://github.com/Krazal/nppopenaignotepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://github.com/shriprem/FWDataViznpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://github.com/SinghRajenM/nppURLPlugin/releases/download/1.2.0.0/urlPlugin_x64.zipWnotepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://sourceforge.net/projects/imgtag/_x64.zipUnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://github.com/Jiangshan00001/npp_MZC8051npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://github.com/blu3mania/npp-papyrus/releases/download/v1.2.2/PapyrusPlugin-v1.2.2-x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182841442.000001ACC3C26000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317183499.000001ACC3C29000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964863640.0000027384534000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://github.com/swhitley/erphelpernpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://github.com/Coises/ColumnsPlusPlusgnotepad++.exe, 00000009.00000003.2169198044.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180015578.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2316826565.000001ACC3BA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            https://github.com/KubaDee/SelectToClipboard/releases/download/v1.0.3/SelectToClipboard_x64_v1.0.3.znpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317143871.000001ACC3C12000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2181045311.000001ACC3C0D000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.000002738455B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://github.com/young-developer/nppNavigateTonpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182920222.000001ACC3B5B000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                https://www.gnu.org/licenses/npp.8.6.7.Installer.x64.exe, 00000000.00000002.2039128456.00000000027BD000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000000.2016361940.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 00000009.00000002.2319288862.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000000.2022748994.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000000B.00000002.2050782359.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000003.2274660356.000000000079E000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499646834.0000000002784000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2497171401.000000000019A000.00000004.00000010.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000000.2476917701.00007FF6E5C4B000.00000002.00000001.01000000.0000000E.sdmp, notepad++.exe, 0000001C.00000002.2971138093.00007FF6E5C4B000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://github.com/Leonard-The-Wise/NWScript-Nppnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2317099334.000001ACC3BF5000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481928451.00000273846D9000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://github.com/nea/MarkdownViewerPlusPlus/releases/download/0.8.2/MarkdownViewerPlusPlus-0.8.2-xnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2163450175.000001ACC3B43000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2180899116.000001ACC3B5E000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179261831.000001ACC3B56000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2169198044.000001ACC3B52000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273845AC000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481815436.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.0000027384696000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      https://github.com/molsonkiko/HugeFiles/releases/download/v0.4.1/Release_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        https://sourceforge.net/projects/locationnav/files/LocationNavigate_v0.4.8.1_x64.zipU/znotepad++.exe, 00000009.00000003.2182501875.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2190559044.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2179624036.000001ACC3A85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		unknown
                                                                                                                                                                                                          https://www.incrediblejunior.com/npp_plugins/(5ynotepad++.exe, 00000009.00000003.2028539773.000001ACC3B86000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028324897.000001ACC3B6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            https://github.com/ffes/npptags/releases/download/v0.9.1/NppTags-091-x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028411660.000001ACC3BD4000.00000004.00000020.00020000.00000000.sdmp, npp.8.7.Installer.x64.exe, 00000011.00000002.2499974685.0000000002859000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000002.2964947782.00000273846BF000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 0000001C.00000003.2481707705.00000273846A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              https://github.com/Krazal/nppopenai/releases/download/v0.3.0.1/NppOpenAI_x64.zipnpp.8.6.7.Installer.x64.exe, 00000000.00000002.2039340973.000000000288A000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000002.2315700068.000001ACC3A02000.00000004.00000020.00020000.00000000.sdmp, notepad++.exe, 00000009.00000003.2028163165.000001ACC3BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		unknown

                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                84.32.84.219
                                                                                                                                                                                                                		notepad-plus-plus.orgLithuania
                                                                                                                                                                                                                		33922NTT-LT-ASLTfalse
                                                                                                                                                                                                                140.82.121.3
                                                                                                                                                                                                                		github.comUnited States
                                                                                                                                                                                                                		36459GITHUBUSfalse
                                                                                                                                                                                                                185.199.110.133
                                                                                                                                                                                                                		objects.githubusercontent.comNetherlands
                                                                                                                                                                                                                		54113FASTLYUSfalse

                                                                                                                                                                                                                Private

                                                                                                                                                                                                                IP
                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                Analysis ID:1531792
                                                                                                                                                                                                                Start date and time:2024-10-11 20:33:34 +02:00
                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                Overall analysis duration:0h 11m 52s
                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                Number of analysed new started processes analysed:30
                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                Number of injected processes analysed:1
                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                Sample name:npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                Detection:SUS
                                                                                                                                                                                                                Classification:sus26.evad.winEXE@33/380@3/4
                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                • Successful, ratio: 50%
                                                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 20.42.73.29
                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                • Execution Graph export aborted for target notepad++.exe, PID 4488 because there are no executed function
                                                                                                                                                                                                                • Execution Graph export aborted for target notepad++.exe, PID 5688 because there are no executed function
                                                                                                                                                                                                                • Execution Graph export aborted for target notepad++.exe, PID 6976 because there are no executed function
                                                                                                                                                                                                                • Execution Graph export aborted for target npp.8.7.Installer.x64.exe, PID 6072 because there are no executed function
                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                • VT rate limit hit for: npp.8.6.7.Installer.x64.exe

                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                14:35:01API Interceptor602x Sleep call for process: notepad++.exe modified
                                                                                                                                                                                                                14:35:30API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                84.32.84.219https://sites.google.com/view/giftcardsgrannyGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • terak.online/include/images/load.gif
                                                                                                                                                                                                                sipari#U015f_onay#U0131.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                                                                                                                • www.tabbartrader.com/dz01/?lZ3=p2MptpHXqrVlbPUp&jFNl2n5=EzPoMCzVtkUNiNwncIWeaPmc/qT/mbBFW6caYSryJq/FAen7ZRXhXHJ+RLQx0cBp89K/
                                                                                                                                                                                                                140.82.121.3Winscreen.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                • github.com/darkZeusWeb/loadersoft/raw/refs/heads/main/shell.exe
                                                                                                                                                                                                                stubInf.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                • github.com/darkZeusWeb/loadersoft/raw/refs/heads/main/Winscreen.exe
                                                                                                                                                                                                                6glRBXzk6i.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                • github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
                                                                                                                                                                                                                firefox.lnkGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                                                • github.com/john-xor/temp/blob/main/index.html?raw=true
                                                                                                                                                                                                                0XzeMRyE1e.exeGet hashmaliciousAmadey, VidarBrowse
                                                                                                                                                                                                                • github.com/neiqops/ajajaj/raw/main/file_22613.exe
                                                                                                                                                                                                                MzRn1YNrbz.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                • github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
                                                                                                                                                                                                                RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • github.com/ssbb36/stv/raw/main/5.mp3
                                                                                                                                                                                                                185.199.110.133SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dllGet hashmaliciousMetasploitBrowse
                                                                                                                                                                                                                • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_mnr.txt

                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                github.cominvoice.exeGet hashmaliciousMinerDownloader, RedLine, XmrigBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                SecuriteInfo.com.Gen.Variant.Lazy.564550.16803.23255.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.5
                                                                                                                                                                                                                WCA-Cooperative-Agreement.docx.exeGet hashmaliciousBabadeda, Exela Stealer, Python Stealer, Waltuhium GrabberBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                eshkere.batGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                objects.githubusercontent.comhttps://www.newtonsoft.com/jsonGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.108.133
                                                                                                                                                                                                                WCA-Cooperative-Agreement.docx.exeGet hashmaliciousBabadeda, Exela Stealer, Python Stealer, Waltuhium GrabberBrowse
                                                                                                                                                                                                                • 185.199.111.133
                                                                                                                                                                                                                SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.111.133
                                                                                                                                                                                                                SecuriteInfo.com.PUA.Tool.InstSrv.3.16098.13705.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.108.133
                                                                                                                                                                                                                SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.108.133
                                                                                                                                                                                                                Windows PowerShell.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.111.133
                                                                                                                                                                                                                8QBpLkbY6i.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                file.exeGet hashmaliciousQuasar, WhiteSnake StealerBrowse
                                                                                                                                                                                                                • 185.199.109.133
                                                                                                                                                                                                                SecuriteInfo.com.Win32.MalwareX-gen.27131.14737.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.108.133
                                                                                                                                                                                                                SecuriteInfo.com.Win32.MalwareX-gen.27131.14737.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 185.199.111.133
                                                                                                                                                                                                                notepad-plus-plus.orgkJs0JTLO6I.exeGet hashmaliciousMetasploitBrowse
                                                                                                                                                                                                                • 84.32.84.139
                                                                                                                                                                                                                kJs0JTLO6I.exeGet hashmaliciousMetasploitBrowse
                                                                                                                                                                                                                • 154.62.105.53
                                                                                                                                                                                                                https://tg-pixel.gitbook.io/2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 84.32.84.36
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, RedLine, SmokeLoader, XmrigBrowse
                                                                                                                                                                                                                • 84.32.84.79
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                                                • 191.96.144.251
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                                                • 191.96.144.146
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, SmokeLoaderBrowse
                                                                                                                                                                                                                • 84.32.84.35
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                                                • 191.101.104.56
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, RedLine, SmokeLoader, Vidar, XmrigBrowse
                                                                                                                                                                                                                • 191.96.144.216
                                                                                                                                                                                                                file.exeGet hashmaliciousDjvu, Glupteba, LummaC Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                                                • 154.41.250.6

                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                NTT-LT-ASLTquote894590895pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                orA5ALUAmWVn51g.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                NjjLYnPSZr.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                EqszHzzNn5.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                zufmUwylvo.exeGet hashmaliciousFlesh Stealer, XmrigBrowse
                                                                                                                                                                                                                • 84.32.84.151
                                                                                                                                                                                                                3qsTcL9MOT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                zufmUwylvo.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                • 84.32.84.109
                                                                                                                                                                                                                L7mZZNG72D.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                XMRVhU3b3U.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                8EhMjL3yNF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • 84.32.84.32
                                                                                                                                                                                                                FASTLYUShttps://lessonfulladvocating.z19.web.core.windows.net/Get hashmaliciousAnonymous ProxyBrowse
                                                                                                                                                                                                                • 151.101.2.137
                                                                                                                                                                                                                maybe scam.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                • 151.101.194.137
                                                                                                                                                                                                                https://iceagfd.r.bh.d.sendibt3.com/tr/cl/PjbsIyrZEvBY_Rwsfyw5Jf3lFVOT6oZHgb1SfX63Lb3ae9-gfKb2jlPREqBkpRV4pWkurBsbJBFEH15AJtTYwybPM0qTkZDrUU83xYgtOUx5R28tYfv9FR0maF37xHQF64yZn75cO5R-BikxqcNs-GP05aHxn7akD1lscY1ZXn8Sa5QzaOWc3HI5Bxl8P31E7CLLw2CE-dF5d15hX2uTa_r1cKi-35rM-WIiEe68qdBkTveiUWlcumiEAjlk2Kvi5yjTX_e6daYkRZIdeCzTt2ZiQO8M7mU8cmRhqn7vv3d1nfoyuLqCz_csFUqVodYl0s8BAkd5yMVlDgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 151.101.66.137
                                                                                                                                                                                                                https://url.avanan.click/v2/r01/___https://www.google.com.sg/zwq?v=7WZIz&why=7WZIz&xf=y&jxwh=7WZIz&xtzwhj=&hi=7WZIz&zfhy=&zwq=frudxdjAjsynslgfxj.htr.fzd.oflfd___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo5MTJhYWJjZjBjZWQ3YTE3MzliOWViMjI2OTgzNmFjODo3OmFiMTk6M2MwNmNjYzRlYzBhY2Q2MTg4MWQ5YTMxZDNlZTRiZmFmOTNhMjg1NDIzMDkzM2QyMzQ2MzYzY2Q5NzJhMDgxYTpoOlQ6VA#cnlhbkBsaW5jb2xubWFpbmVmY3UuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 151.101.1.140
                                                                                                                                                                                                                https://wewgirls.ru/FYrSh/#RZ2ZlYXJleUB0cnUuY2E=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                • 151.101.194.137
                                                                                                                                                                                                                Cotain Spires (RFP) ID#88763.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 151.101.194.137
                                                                                                                                                                                                                https://officialebooks.com/arull.php?7088797967704b536932307464504d3951745363314a7a5530744b61724d3179737131532b6f644848574277413dhttps://f1-telemetryo.ru/pyDC/#X%5Bemail%5DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                • 151.101.66.137
                                                                                                                                                                                                                SETTLEMENT-2023-165092-SP-21.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 151.101.2.137
                                                                                                                                                                                                                https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/a%C2%ADs%C2%ADt%C2%ADr%C2%ADo%C2%ADw%C2%ADo%C2%ADr%C2%ADl%C2%ADd%C2%AD-%C2%ADi%C2%ADn%C2%ADt%C2%AD.%C2%ADc%C2%ADo%C2%ADm/gguiteGet hashmaliciousCaptcha PhishBrowse
                                                                                                                                                                                                                • 151.101.194.137
                                                                                                                                                                                                                phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 151.101.1.252
                                                                                                                                                                                                                GITHUBUSinvoice.exeGet hashmaliciousMinerDownloader, RedLine, XmrigBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                https://www.newtonsoft.com/jsonGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.114.22
                                                                                                                                                                                                                SecuriteInfo.com.Gen.Variant.Lazy.564550.16803.23255.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.5
                                                                                                                                                                                                                WCA-Cooperative-Agreement.docx.exeGet hashmaliciousBabadeda, Exela Stealer, Python Stealer, Waltuhium GrabberBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                Request For Quotation.jsGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                eshkere.batGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                • 140.82.121.4
                                                                                                                                                                                                                SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3

                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                74954a0c86284d0d6e1c4efefe92b521main.bat.bin.batGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                S4dd5N5VuJ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                404.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                D0WmCTD2qO.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                c5WMpr1cOc.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                404.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                s14.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                s200.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                KYwOaWhyl6.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133
                                                                                                                                                                                                                HdXeCzyZD9.exeGet hashmaliciousLummaC, DCRat, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                • 140.82.121.3
                                                                                                                                                                                                                • 84.32.84.219
                                                                                                                                                                                                                • 185.199.110.133

                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                No context

                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                C:\Program Files\Notepad++\LICENSE

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (937), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35500
                                                                                                                                                                                                                Entropy (8bit):4.616383583331852
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:Z2yU/QOoIlWlrp49VSGxki5HQelcxwu1w2/Dd:tzOotpq75Hdlzawu
                                                                                                                                                                                                                MD5:62FE07BED404DFD0975891BB6CFB0C90
                                                                                                                                                                                                                SHA1:BD0918E2494A718F1C4A40EDAD405CA4F3D5A1B9
                                                                                                                                                                                                                SHA-256:2B94F58D89424AF06D1A8E16775774757F1ECFB678203C3439AF037A24F35DC6
                                                                                                                                                                                                                SHA-512:90BBAF49864F8A35894C7D62CDD23EF1EF7742301993B00FA28C00AE04AA69C624878AD9ECCB841B4890A5A70ECA75EC1C8BA120D67D12EA5088FD06E156EBE2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:COPYING -- Describes the terms under which Notepad++ is distributed...A copy of the GNU GPL is appended to this file.....IMPORTANT NOTEPAD++ LICENSE TERMS....Copyright (C)2021 Don HO <don.h@free.fr>. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 3 with the clarifications and exceptions described below. This guarantees your right to use, modify, and redistribute this software under certain conditions.....This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.....******************************************************************......GNU GENERAL PUBLIC LICENSE..Version 3, 29 June 2007....Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>....Everyone is permitted to copy

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\BaanC.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18483
                                                                                                                                                                                                                Entropy (8bit):4.808858097294878
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:yKdzNioFvNwL9FnWq5OLUrPteXFQLTDfT+YK:/t1wLbWcEU7eF0zZK
                                                                                                                                                                                                                MD5:85C891742FCF58AE535B26AD948370A2
                                                                                                                                                                                                                SHA1:385E2C813C8D157627220F2BC92A5324C120859B
                                                                                                                                                                                                                SHA-256:D408ED3CAEF21EBB64FB29D633E9CE5069454C1A792A09E2E24F83595D2743BE
                                                                                                                                                                                                                SHA-512:6AC5C04F8A0B34DE18C8823550A0E24BE037A518C3A93AAAC2BBBA50A63032EC99EA0833C2B73F0ACCE7E443EDC4E9DD2A8B97D8B2A842746EC32C355C620A1E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete language="BaanC">....<Environment ignoreCase="yes" startFunc="(" stopFunc=")" paramSeparator="," additionalWordChar=".:$#" />....<KeyWord name="#context_off" />....<KeyWord name="#context_on" />....<KeyWord name="#define" />....<KeyWord name="#elif" />....<KeyWord name="#else" />....<KeyWord name="#endif" />....<KeyWord name="#ident" />....<KeyWord name="#if" />....<KeyWord name="#ifdef" />....<KeyWord name="#ifndef" />....<KeyWord name="#include" />....<KeyWord name="#pragma" />....<KeyWord name="#undef" />....<KeyWord name="actual.occ" />....<KeyWord name="after.choice:" />....<KeyWord name="after.delete:" />....<KeyWord name="after.display:" />....<KeyWord name="after.field:" />....<KeyWord name="after.form.read:" />....<KeyWord name="after.form:" />....<KeyWord name="after.group:" />....<KeyWord name="after.input:" />....<KeyWord name="after.layout:" />....<KeyWord name="after.program:" />....<KeyWord name="afte

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\actionscript.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20745
                                                                                                                                                                                                                Entropy (8bit):4.92748698540998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:MZxtbsnBzF1kMlGpIZ3D3J6lnAlO1HNbrcgZw09sZlmb3xDNZ8wWXUdm1g4otiBS:zx3lxz3J6lnj1ZZwowmb3bftPThh
                                                                                                                                                                                                                MD5:280F64B01191BF89B52C5BBBEA1CC290
                                                                                                                                                                                                                SHA1:E01503C8EF4155BDE9C89E3E2A21F8437872C4EB
                                                                                                                                                                                                                SHA-256:F1FB320FD456938AFC0BC852765E393837BCEA53BD514838419801BEF8436B9E
                                                                                                                                                                                                                SHA-512:9D71B7D04D2558669A18712A778DD61C81B434D21DA5698205FCF5063CF99A1261C9A3952DA92F14CA94605D6D8B1650D46B896947CA64AE980181EADBD35005
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="&quot;allowscale&quot;" />....<KeyWord name="&quot;exec&quot;" />....<KeyWord name="&quot;fullscreen&quot;" />....<KeyWord name="&quot;quit&quot;" />....<KeyWord name="&quot;showmenu&quot;" />....<KeyWord name="&quot;trapallkeys&quot;" />....<KeyWord name="#include" />....<KeyWord name="a" />....<KeyWord name="abs" />....<KeyWord name="Accessibility" />....<KeyWord name="Accessibility.isActive" />....<KeyWord name="acos" />....<KeyWord name="add" />....<KeyWord name="addheader" />....<KeyWord name="addListener" />....<KeyWord name="addProperty" />....<KeyWord name="align" />....<KeyWord name="allowDomain" />....<KeyWord name="ALT" />....<KeyWord name="and" />....<KeyWord name="appendChild" />....<KeyWord name="apply" />....<KeyWord name="arguments" />....<KeyWord name="arguments.callee" />....<KeyWord name="arguments.caller" />....<KeyWord name="Array" />....<KeyWord name="AsBroadcaster" />....<Ke

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\autoit.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (682), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):738716
                                                                                                                                                                                                                Entropy (8bit):5.276974953987454
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:a3U9MWnaCYO24fiq2xydgzX8FkXGPW+M/+HG:alFxydqxXCG
                                                                                                                                                                                                                MD5:986E806D09B5C0FFF08C5D9EAC33A237
                                                                                                                                                                                                                SHA1:22A0D9893CB6CF82598A698401DE38DF11389043
                                                                                                                                                                                                                SHA-256:B15AFD5149673E3D72FC8E99945197C86AD43113230DCD8BBC952A82E965E146
                                                                                                                                                                                                                SHA-512:B2F66CF3F5B4E049DCAA93284FAD1718625960FF0139550E74B5BFFCB7AB5CF605433F1DAF4A5653BFD1DEC920EF355352828691885F5DEBC7805870B7609339
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="yes" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" additionalWordChar="@"/>....<KeyWord name="#ce" />....<KeyWord name="#comments-end" />....<KeyWord name="#comments-start" />....<KeyWord name="#cs" />....<KeyWord name="#endregion" />....<KeyWord name="#forceref" />....<KeyWord name="#include" />....<KeyWord name="#include-once" />....<KeyWord name="#NoAutoIt3Execute" />....<KeyWord name="#NoTrayIcon" />....<KeyWord name="#OnAutoItStartRegister" />....<KeyWord name="#region" />....<KeyWord name="#RequireAdmin" />....<KeyWord name="@AppDataCommonDir" />....<KeyWord name="@AppDataDir" />....<KeyWord name="@AutoItExe" />....<KeyWord name="@AutoItPID" />....<KeyWord name="@AutoItVersion" />....<KeyWord name="@AutoItX64" />....<KeyWord name="@CommonFilesDir" />....<KeyWord name="@Compiled" />....<KeyWord name="@ComputerName" />....<KeyWord name="@ComSpec" />....<KeyWord name="@CO

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\batch.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3777
                                                                                                                                                                                                                Entropy (8bit):4.65179996900978
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cctv6Ev5yzWpWoov1x06mYyR36fQdBny5X2C3XBgCsZ7/4Q4TLqzqlFCVGWlTtQC:sZPqDeie22eX
                                                                                                                                                                                                                MD5:01E31D41E5CFB5D2B85C6AA0AABB0FFF
                                                                                                                                                                                                                SHA1:6FFCBF31A35C8674536CC2A8A9DE7D3F2D48CA38
                                                                                                                                                                                                                SHA-256:C4025268B36BB02B2D25E5144D360F69CFC7DDDCB3AC98CD2D588393B5CBD30D
                                                                                                                                                                                                                SHA-512:EDD0921A8330AEDD148DA78FD364999C99FD745A87E7C699A3487BC084224D9A4A0FF89D496031A289591766B68E44C5B255ABD9D8588100408E0D7AC993DA74
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="arp" />....<KeyWord name="assoc" />....<KeyWord name="at" />....<KeyWord name="attrib" />....<KeyWord name="aux" />....<KeyWord name="bcdedit" />....<KeyWord name="break" />....<KeyWord name="cacls" />....<KeyWord name="call" />....<KeyWord name="cd" />....<KeyWord name="chcp" />....<KeyWord name="chdir" />....<KeyWord name="chkdsk" />....<KeyWord name="chkntfs" />....<KeyWord name="choice" />....<KeyWord name="cipher" />....<KeyWord name="clip" />....<KeyWord name="cls" />....<KeyWord name="cmd" />....<KeyWord name="cmdextversion" />....<KeyWord name="color" />....<KeyWord name="com" />....<KeyWord name="com1" />....<KeyWord name="com2" />....<KeyWord name="com3" />....<KeyWord name="com4" />....<KeyWord name="comp" />....<KeyWord name="compact" />....<KeyWord name="con" />....<KeyWord name="convert" />....<KeyWord name="copy" />....<KeyWord name="ctty" />....<KeyWord name="date" />....<KeyWord n

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\c.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):44386
                                                                                                                                                                                                                Entropy (8bit):4.819657584086502
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:UlLkgVb7IwT7m/rfwAPYiXAZNHKpClVEq0eU6XDmReyBle5UdAGrlaoP2YR/yAYG:yIaalSHYcWeU6XuFNtxcEgCf0AOs
                                                                                                                                                                                                                MD5:2EAA4B8AF356B86455F8AAE63EB43340
                                                                                                                                                                                                                SHA1:E8224D0873A79C4E27CE96B739F0E154C9432287
                                                                                                                                                                                                                SHA-256:35AADC7531E2332679C54306899A21FE3586B7203132CB5673B64915FEB91BAD
                                                                                                                                                                                                                SHA-512:CA079FF03EEBAED02BFCEF5D82723441C5C76C4C7D6FC220C51657C08CDCD2FB9DDD8A85E11DFBCEC45E0F3ABAC8C0A081F2512224B2D3FCC446B0670EC651ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete language="C">....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" />....<KeyWord name="#define" />....<KeyWord name="#elif" />....<KeyWord name="#else" />....<KeyWord name="#endif" />....<KeyWord name="#error" />....<KeyWord name="#if" />....<KeyWord name="#ifdef" />....<KeyWord name="#ifndef" />....<KeyWord name="#include" />....<KeyWord name="#line" />....<KeyWord name="#pragma" />....<KeyWord name="#undef" />....<KeyWord name="abort" func="yes">.....<Overload retVal="void" >......<Param name="void" />.....</Overload>....</KeyWord>....<KeyWord name="abs" func="yes">.....<Overload retVal="int" >......<Param name="int i" />.....</Overload>....</KeyWord>....<KeyWord name="absread" />....<KeyWord name="abswrite" />....<KeyWord name="access" func="yes">.....<Overload retVal="int" >......<Param name="const char *path" />......<Param name="int amode" />.....</Overload>....</KeyWord>

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\cmake.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7884
                                                                                                                                                                                                                Entropy (8bit):5.149440517775605
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:Ul8vZFzGomzwy89l8XlR4NQl2MIlqWHx2HcjawarV:Ul8RFCoUwy89m1R4NQl2MIl0H8za
                                                                                                                                                                                                                MD5:4F983F57C1815F6B74AE78DA2EA3C3EA
                                                                                                                                                                                                                SHA1:CCD8399D9F50BBE22E9B1F5E1B7B8FADC200F4F9
                                                                                                                                                                                                                SHA-256:F902ADC5FAF041306B54D48914A5BC9C8D45057A4DA431786AEF451E2C39D1F7
                                                                                                                                                                                                                SHA-512:7880149CC9CFA69552308051A3E34D26C869E7859D0B3618D8A1D8241677055ACEEC132F98EA5735EBDBA9DDBF081684BD179B561AD7A0D4CBAFA7CB5F93B248
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" />....<KeyWord name="add_custom_command" />....<KeyWord name="add_compile_definitions" />....<KeyWord name="add_compile_options" />....<KeyWord name="add_custom_command" />....<KeyWord name="add_custom_target" />....<KeyWord name="add_definitions" />....<KeyWord name="add_dependencies" />....<KeyWord name="add_executable" />....<KeyWord name="add_library" />....<KeyWord name="add_link_options" />....<KeyWord name="add_subdirectory" />....<KeyWord name="add_test" />....<KeyWord name="aux_source_directory" />....<KeyWord name="build_command" />....<KeyWord name="build_name" />....<KeyWord name="cmake_minimum_required" />....<KeyWord name="configure_file" />....<KeyWord name="create_test_sourcelist" />....<KeyWord name="else" />....<KeyWord name="elseif" />....<KeyWord name="enable_language" />....<KeyWord name="enable_testing"

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\cobol.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47436
                                                                                                                                                                                                                Entropy (8bit):5.302103141888639
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:fIlBSWIMz6wlYQFv8nFMpNgDoP2p7M3hqZaCO8BS:fIDCIlUFISom2hqvBS
                                                                                                                                                                                                                MD5:C435D68DF074BA8D660EBACE763E9DA9
                                                                                                                                                                                                                SHA1:AB1F43C65DB8A58C16803AFB5FD712261D87C9EA
                                                                                                                                                                                                                SHA-256:7690E1BBE3EE5D55B993EBC1F41DF35F5BF1B7AAC7C6B6152A6F1112CB9A6773
                                                                                                                                                                                                                SHA-512:40F0E75DA7360FA4857F1A73C4365A303AD3649CECC6DCA229AA7D4EB6342C601FD8633CBF13B80C5FF9A8B089E30E2FC863950EB952319A44C3C833EA159BBE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>... note: this list was created using functions and reserved words known to GnuCOBOL (COBOL85,2002,2014 + extensions from IBM/MF/RM/ACUCOBOL) -->...<AutoComplete language="COBOL">....<Environment ignoreCase="yes" startFunc="(" stopFunc=")" paramSeparator="," additionalWordChar="-" />....<KeyWord name="3-D" />....<KeyWord name="ABS" func="yes">.....<Overload retVal="Integer/Numeric" descr="absolute value of &lt;number&gt;">......<Param name="number" />.....</Overload>....</KeyWord>....<KeyWord name="ACCEPT" />....<KeyWord name="ACCESS" />....<KeyWord name="ACOS" func="yes">.....<Overload retVal="Numeric" descr="trigonometric arc-cosine, or inverse cosine, of &lt;cosine&gt;">......<Param name="cosine" />.....</Overload>....</KeyWord>....<KeyWord name="ACTIVE-CLASS" />....<KeyWord name="ADD" />....<KeyWord name="ADDRESS" />....<KeyWord name="ADVANCING" />....<KeyWord name="AFTER" />....<KeyWord name="ALIGNED" />....<KeyWord name="A

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\coffee.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1503
                                                                                                                                                                                                                Entropy (8bit):4.620521488253765
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TMHdYFKjfre4s2jwSd7QfOvTOwU2sGjugCO2Vr1JOOLlb9/5GhndAaMgkGOOrDdE:2dttSYpUbE3z7ndeEb9AJz
                                                                                                                                                                                                                MD5:E38002A39E12D0C8B0BB2B39276000A3
                                                                                                                                                                                                                SHA1:2ECE648EA21CDADA82F554BB435AA2ACA5D9A50E
                                                                                                                                                                                                                SHA-256:4DC5389CC699CEEAA7B020349FAADA9687FB215E80BC3A6D81E97D8B4B994EFC
                                                                                                                                                                                                                SHA-512:66D4E3A125F90DF35C13C436D163332712FF12C4351B2510E3826A3E03D8293F3B86BC4AE241BE349313E5C0D190962F09D379F6778C6926150E39B800B4B42F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>....<AutoComplete>.....<KeyWord name="arguments" />.....<KeyWord name="and" />.....<KeyWord name="await" />.....<KeyWord name="break" />.....<KeyWord name="by" />.....<KeyWord name="catch" />.....<KeyWord name="class" />.....<KeyWord name="continue" />.....<KeyWord name="default" />.....<KeyWord name="defer" />.....<KeyWord name="delete" />.....<KeyWord name="do" />.....<KeyWord name="else" />.....<KeyWord name="extends" />.....<KeyWord name="false" />.....<KeyWord name="finally" />.....<KeyWord name="for" />.....<KeyWord name="if" />.....<KeyWord name="in" />.....<KeyWord name="is" />.....<KeyWord name="isnt" />.....<KeyWord name="Infinity" />.....<KeyWord name="instanceof" />.....<KeyWord name="loop" />.....<KeyWord name="new" />.....<KeyWord name="not" />.....<KeyWord name="null" />.....<KeyWord name="NaN" />.....<KeyWord name="of" />.....<KeyWord name="or" />.....<KeyWord name="on" />.....<KeyWord name="no" />.....<KeyWord name=

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\cpp.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):63776
                                                                                                                                                                                                                Entropy (8bit):4.834666616148864
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:cEAZIP0Xu5LBre8ea682OtuaCGCs/wfL1TozOvf0+:9mIMXEBrLea68ZQaCGCs/41T2Ob
                                                                                                                                                                                                                MD5:229BE9B642F7D29E287C92954A548915
                                                                                                                                                                                                                SHA1:70CD8DA10088B1F47C81A42C8AA30138A94BA916
                                                                                                                                                                                                                SHA-256:859225AF31857A4413B72FC91DDA16BFDECDEB3C465FAA78929A97B14E421D0B
                                                                                                                                                                                                                SHA-512:F1D5FB5EE8FB08F6D61FAC2251C9C813CEA67B8246D26703B2C4A8F5AF55CB037B8F16157B8995B2810A1ABC727059A00BF2AAB6F51DCE6442DDFB0944B82080
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>... language doesnt really mean anything, its more of a comment -->...<AutoComplete language="C++">.... ....Environment specifies how the language should be interpreted. ignoreCase makes autocomplete....ignore any casing, start and stopFunc specify what chars a function starts and stops with.....param specifies parameter separator and terminal can be used to specify a character that stops....any function. Using the same character for different functions results in undefined behaviour.........05/11/2009....The basic word character are : A-Z a-z 0-9 and '_' ....If your function name contains other characters,....add your characters in "additionalWordChar" attribute (without separator)....in order to make calltip hint work....-->....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" additionalWordChar=""/>.... ....The following items should be alphabetically ordered.....func="yes" means th

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\cs.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):33888
                                                                                                                                                                                                                Entropy (8bit):4.942129814067167
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:0b5/3cIDofzfbG4PNX6SEdtbAaVzNWttnWntntnaAnaeI9Sa0PrBdvg/ZBzcsr:Z5DbG4Gu7jl
                                                                                                                                                                                                                MD5:5ED5AE58ADCCE9B305F536A15CE46F55
                                                                                                                                                                                                                SHA1:1415B8CB77A2D76236437FD6805F18356EF5337D
                                                                                                                                                                                                                SHA-256:51167C87E44F41D00756BF36C425DE070AB831D8B18E75B5C1D3B1468F20DCF9
                                                                                                                                                                                                                SHA-512:22371C6134FA2132598E6673BDD704717FA9679C95AA8E73DF860535D1F3B94D104EDBE8DBCC19DEAE8860349C2D592AAB02B7A4CB2664E0AF0587D4CD139915
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete language="C#">....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" additionalWordChar="."/>....<KeyWord name="abstract" />....<KeyWord name="as" />....<KeyWord name="async" />....<KeyWord name="Array.BinarySearch" func="yes">.....<Overload retVal="int" >......<Param name="Array array" />......<Param name="object value" />.....</Overload>.....<Overload retVal="int" >......<Param name="Array array" />......<Param name="object value" />......<Param name="System.Collections.IComparer comparer" />.....</Overload>.....<Overload retVal="int" >......<Param name="Array array" />......<Param name="int index" />......<Param name="int length" />......<Param name="object value" />.....</Overload>.....<Overload retVal="int" >......<Param name="Array array" />......<Param name="int index" />......<Param name="int length" />......<Param name="object value" />......<Param name="System.Collectio

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\css.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17001
                                                                                                                                                                                                                Entropy (8bit):4.788942431010734
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:XucQlby5vBr946sNhazE1WoSTdn3FrQOI7DkARyiuMI8:ecQlbN6s2EtSJvD8
                                                                                                                                                                                                                MD5:408C9069315C5292E047B26D893DD0EB
                                                                                                                                                                                                                SHA1:AA0BD26A2149D48DD60181C9B5427A3C6710AE27
                                                                                                                                                                                                                SHA-256:5438655E9264219E830DA3D3181399CDDA72AA701A8191A51274DC879E856BB6
                                                                                                                                                                                                                SHA-512:217726014D06B6789E13DE91B9DF22BDEEFC8D584FD10994DA1F6161BB886E91C359C45E9FCB13EB75DE2018B6514FE738422FE1A1354D7C1E9EDE8FE4CE6322
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name=":active" />....<KeyWord name=":after" />....<KeyWord name=":before" />....<KeyWord name=":first" />....<KeyWord name=":first-child" />....<KeyWord name=":first-letter" />....<KeyWord name=":first-line" />....<KeyWord name=":focus" />....<KeyWord name=":hover" />....<KeyWord name=":lang" />....<KeyWord name=":left" />....<KeyWord name=":link" />....<KeyWord name=":right" />....<KeyWord name=":visited" />....<KeyWord name="@charset" />....<KeyWord name="@font-face" />....<KeyWord name="@import" />....<KeyWord name="@media" />....<KeyWord name="@page" />....<KeyWord name="above" />....<KeyWord name="absolute" />....<KeyWord name="accent-color" />....<KeyWord name="ActiveBorder" />....<KeyWord name="ActiveCaption" />....<KeyWord name="additive-symbols" />....<KeyWord name="always" />....<KeyWord name="align-content" />....<KeyWord name="align-items" />....<KeyWord name="align-self" />....<KeyWord name

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\gdscript.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (1767), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):73064
                                                                                                                                                                                                                Entropy (8bit):5.261685760765685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:3oow7MPF3DbHgaQNYvEkq0jNfWMY65G2DvSi66zWm8eLZFkgKDOsSjEciKYU:Z6NwJc65G2DvSi6tmdygKDOsSjZiKYU
                                                                                                                                                                                                                MD5:E4A787C8BE6FFA469D2914A03622A08D
                                                                                                                                                                                                                SHA1:F28E03F6C571485342A93A7B467CFEE6BA2F545D
                                                                                                                                                                                                                SHA-256:6B0955260345C49A52D8BD35F1A6CFB98F7048894EABABCCE38EEDED00EF630D
                                                                                                                                                                                                                SHA-512:206808D20BC9D8C774845D06419958533384A349130ACA67A0B23EFA65B8224958F73CF769EB66D3909347864B17EA2CC038F33E064575B95D5D06A4F28563BB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," additionalWordChar = "." />.... builtin keywords -->....<KeyWord name="if" />....<KeyWord name="elif" />....<KeyWord name="else" />....<KeyWord name="for" />....<KeyWord name="while" />....<KeyWord name="match" />....<KeyWord name="break" />....<KeyWord name="continue" />....<KeyWord name="pass" />....<KeyWord name="return" />....<KeyWord name="class" />....<KeyWord name="class_name" />....<KeyWord name="extends" />....<KeyWord name="is" />....<KeyWord name="as" />....<KeyWord name="self" />....<KeyWord name="tool" />....<KeyWord name="signal" />....<KeyWord name="func" />....<KeyWord name="static" />....<KeyWord name="const" />....<KeyWord name="enum" />....<KeyWord name="var" />....<KeyWord name="onready" />....<KeyWord name="export" />....<KeyWord name="setget" />....<KeyWord name="breakpoint" />....<KeyWord name="preload" />....<K

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\go.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3911
                                                                                                                                                                                                                Entropy (8bit):4.806255430874247
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:KNVh25KTKQKLYzOMUN533c+SGBvkrKGnsAfqCUJ2SY8+58Os9z3LJGn8E838ZeMZ:baC5crdsdbZkOT931zrs0UM87F9
                                                                                                                                                                                                                MD5:226FA88DE6A4DC87F13B897320EE2204
                                                                                                                                                                                                                SHA1:91A68060C4BD88919D2EFBCBAAABFF2B4E1C898B
                                                                                                                                                                                                                SHA-256:B32FB13F6FB628EEC6B447983DD062C13F7A68E2ADED77BE3C5AF7384935A7FF
                                                                                                                                                                                                                SHA-512:17C5E02262EBA6E58CD878910B1F62D46B98C704E4C313FEB907753DAC26CCD31067573EDB18336AC08A0681F63FDB89889E778350E479DF22F4F3C1F46F1E56
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<NotepadPlus>...<AutoComplete language="Go">....<KeyWord name="_" />....<KeyWord name="false" />....<KeyWord name="iota" />....<KeyWord name="nil" />....<KeyWord name="true" />....<KeyWord name="break" />....<KeyWord name="case" />....<KeyWord name="continue" />....<KeyWord name="default" />....<KeyWord name="defer" />....<KeyWord name="else" />....<KeyWord name="fallthrough" />....<KeyWord name="for" />....<KeyWord name="go" />....<KeyWord name="goto" />....<KeyWord name="if" />....<KeyWord name="import" />....<KeyWord name="range" />....<KeyWord name="return" />....<KeyWord name="select" />....<KeyWord name="switch" />....<KeyWord name="append" func="yes">.....<Overload retVal="[]Type" >......<Param name="slice []Type" />......<Param name="elems ...Type" />.....</Overload>....</KeyWord>....<KeyWord name="cap" func="yes">.....<Overload retVal="int" >......<Param name="v Type" />.....</Overload>....</KeyWord>....<KeyWord name="clear" func="yes">.....<Overload retVal="~[]Type" >......<P

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\html.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):19551
                                                                                                                                                                                                                Entropy (8bit):4.696579108817518
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:uOBunTRMos9CDaG5hVXFh+beKVP1HLiFT/n8vj3FrQtkyLJabahxN+g5+8UKp7xe:uOiMosIDTanH4/nM3FrQOyL5N+d2G3Iw
                                                                                                                                                                                                                MD5:8331575A53461EE04E9726D1713957C0
                                                                                                                                                                                                                SHA1:7C14779D819A1E0C4CECB9E6BECC8A05EE1A4BB5
                                                                                                                                                                                                                SHA-256:F2FF7ACFCB670FF9D644FB39F3962D38BE7A46736869465375CF7322E84F05E2
                                                                                                                                                                                                                SHA-512:860ADE4DB60DDB25B76DB786DCB5CB7BEAFC12299D52C985C3137C23C84DC5BC0D4EABAD2D822B46C1A9486DFE75E441D410803C65442FB71248AF1213AF6263
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="!DOCTYPE html" />....<KeyWord name=":active" />....<KeyWord name=":after" />....<KeyWord name=":before" />....<KeyWord name=":first" />....<KeyWord name=":first-child" />....<KeyWord name=":first-letter" />....<KeyWord name=":first-line" />....<KeyWord name=":focus" />....<KeyWord name=":hover" />....<KeyWord name=":lang" />....<KeyWord name=":left" />....<KeyWord name=":link" />....<KeyWord name=":right" />....<KeyWord name=":visited" />....<KeyWord name="@charset" />....<KeyWord name="@font-face" />....<KeyWord name="@import" />....<KeyWord name="@media" />....<KeyWord name="@page" />....<KeyWord name="a" />....<KeyWord name="abbr" />....<KeyWord name="above" />....<KeyWord name="absolute" />....<KeyWord name="accept" />....<KeyWord name="accept-charset" />....<KeyWord name="accesskey" />....<KeyWord name="action" />....<KeyWord name="address" />....<KeyWord name="alt" />....<KeyWord name="alway

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\java.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):205359
                                                                                                                                                                                                                Entropy (8bit):5.056625401593432
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Cm2nVmNCbx5csXx+WLK6eNc+caWogDgDfNJ7nAFVgyKf:Cm+SfNJ7nAz3m
                                                                                                                                                                                                                MD5:1CE78A369CFF97A0AA6ADA78BF65A6D3
                                                                                                                                                                                                                SHA1:D04BA700B097732F152899C998D53D9A9A857B70
                                                                                                                                                                                                                SHA-256:18D4506CBD6C04E33B948B1824662EFC432A89E83E18ABFFB78043A2121F5580
                                                                                                                                                                                                                SHA-512:1CF3A9F7A80CD23CDC6E92A6593318B5A835EAD04177CEC843C2BBA8A50BFEB63F05266B290E7EBF547825FD2CF5D6E3993B1B7C52CE76D9D5052BE125389446
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" />....<KeyWord name="AbstractAction" />....<KeyWord name="AbstractActionPropertyChangeListener" />....<KeyWord name="AbstractAnnotationValueVisitor6" />....<KeyWord name="AbstractAnnotationValueVisitor7" />....<KeyWord name="AbstractBorder" />....<KeyWord name="AbstractButton" />....<KeyWord name="AbstractCellEditor" />....<KeyWord name="AbstractCollection" />....<KeyWord name="AbstractColorChooserPanel" />....<KeyWord name="AbstractDocument" />....<KeyWord name="AbstractDocument.AttributeContext" />....<KeyWord name="AbstractDocument.Content" />....<KeyWord name="AbstractDocument.ElementEdit" />....<KeyWord name="AbstractElementVisitor6" />....<KeyWord name="AbstractElementVisitor7" />....<KeyWord name="AbstractExecutorService" />....<KeyWord name="AbstractFilter" />....<KeyWord name="AbstractInterruptibleChannel" />....<Key

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\javascript.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27778
                                                                                                                                                                                                                Entropy (8bit):4.81507310921096
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:Kz9S+KibqO/98V/RJnYPiSxQw4Ear4fuDR9SWsOyGb4G219GU4:k9S/Mqs98pRJnKimZtulTsUbl21gU4
                                                                                                                                                                                                                MD5:199206B41E832EDEBD2F33D198F91DE1
                                                                                                                                                                                                                SHA1:483FEFC666C005E46B501E06AD381F11855E9F1F
                                                                                                                                                                                                                SHA-256:3C259EF3139DB6EA3C1957ADC55EE145724D223FE91DAB8596AE6758BACECD30
                                                                                                                                                                                                                SHA-512:C5223664B1C9F326F6E5C1DBC97B7EA977BA54E042BE4F23C1A2E9DCB76B11CCCC0165D4E2C1064A96B91725F52EABBF6BB5E4D1F5517E0609AE364245378FBB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="above" />....<KeyWord name="abs" />....<KeyWord name="AbortController" />....<KeyWord name="AbortSignal" />....<KeyWord name="AbstractRange" />....<KeyWord name="acos" />....<KeyWord name="action" />....<KeyWord name="addEventListener" />....<KeyWord name="afterbegin" />....<KeyWord name="afterend" />....<KeyWord name="alert" />....<KeyWord name="align" />....<KeyWord name="aLinkcolor" />....<KeyWord name="all" />....<KeyWord name="allSettled" />....<KeyWord name="Anchor" />....<KeyWord name="anchor" />....<KeyWord name="anchors" />....<KeyWord name="any" />....<KeyWord name="appCodeName" />....<KeyWord name="appCore" />....<KeyWord name="appendChild" />....<KeyWord name="Applet" />....<KeyWord name="applets" />....<KeyWord name="application" />....<KeyWord name="apply" />....<KeyWord name="appMinorVersion" />....<KeyWord name="appName" />....<KeyWord name="appVersion" />....<KeyWord name="Area" /

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\lisp.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17231
                                                                                                                                                                                                                Entropy (8bit):4.782889812829667
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:AtMHdcGeEg1iwZ7OI2XeJiGr4NPDyl75gB9s:9dcGeEg3Z7OIMeJiGr4BWl75gB9s
                                                                                                                                                                                                                MD5:2342B76218146563F7CB762FF1A4C03D
                                                                                                                                                                                                                SHA1:9BD08E072B9F401EDFFB482FF22BCEDB444F8165
                                                                                                                                                                                                                SHA-256:7DEE0CE72CF218DA91221C2BE184BD22BA16B120396AA1F209583FC9F62FD8BF
                                                                                                                                                                                                                SHA-512:16944A0C0552E0B04BF7F11FD8F8FD1BAB5BB486F9C79D4335E66FE0E263E75ED756624B11862023B469D39B3B54F9A47CEB642B14BC97CEAFC030D5BF6D3CCB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="*error*" />....<KeyWord name="*vlisp-new-full-init*" />....<KeyWord name="abs" />....<KeyWord name="acad-pop-dbmod" />....<KeyWord name="acad-push-dbmod" />....<KeyWord name="acad_colordlg" />....<KeyWord name="acad_helpdlg" />....<KeyWord name="acad_strlsort" />....<KeyWord name="acad_truecolorcl" />....<KeyWord name="acad_truecolordlg" />....<KeyWord name="acdimenableupdate" />....<KeyWord name="acet-layerp-mark" />....<KeyWord name="acet-layerp-mode" />....<KeyWord name="acet-laytrans" />....<KeyWord name="acet-ms-to-ps" />....<KeyWord name="acet-ps-to-ms" />....<KeyWord name="action_tile" />....<KeyWord name="add_list" />....<KeyWord name="ads" />....<KeyWord name="alert" />....<KeyWord name="align" />....<KeyWord name="alloc" />....<KeyWord name="and" />....<KeyWord name="angle" />....<KeyWord name="angtof" />....<KeyWord name="angtos" />....<KeyWord name="append" />....<KeyWord name="apply"

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\lua.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):81390
                                                                                                                                                                                                                Entropy (8bit):4.501924853542866
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:DTnCW15Okx1T5gwj/gqSLZuPQAHyyGhKOz9D8kyYkwvT4+zlzUBVi/k/EFzuRCCF:DTnB15Ok/T5gwjwVuPQAHyyGhKkYkyYe
                                                                                                                                                                                                                MD5:2B063393053A017657BF3B570526BCE6
                                                                                                                                                                                                                SHA1:F02B9A119B7BDE478CADE3457E953F78350181C4
                                                                                                                                                                                                                SHA-256:F541D3E78E7D3F7D124BAFFA035833F2EB541B20DDD046BD2A4E56EA4BC80A71
                                                                                                                                                                                                                SHA-512:FB035262E5F1253D06DA7F1F3B2F2455FB133AACD3AA16D062FEC9D0CBB8DC845CB0C933F3FC65A9C809161F1AB0DDB08F17AAFAB9B71B96E3E9AD8603D12A43
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <AutoComplete language="LUA">.. <Environment ignoreCase="yes" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" additionalWordChar=".:" />.... Lua syntax-->.. <KeyWord name="break" func="no" />.. <KeyWord name="and" func="no" />.. <KeyWord name="do" func="no" />.. <KeyWord name="else" func="no" />.. <KeyWord name="elseif" func="no" />.. <KeyWord name="end" func="no" />.. <KeyWord name="false" func="no" />.. <KeyWord name="for" func="no" />.. <KeyWord name="function" func="no" />.. <KeyWord name="if" func="no" />.. <KeyWord name="in" func="no" />.. <KeyWord name="local" func="no" />.. <KeyWord name="nil" func="no" />.. <KeyWord name="not" func="no" />.. <KeyWord name="or" func="no" />.. <KeyWord name="repeat" func="no" />.. <KeyWord name="return" func="no" />.. <KeyWord name="

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\nsis.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9507
                                                                                                                                                                                                                Entropy (8bit):4.9613812855639905
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:iRtm56tBt0VzFtJ8buX2aWul2gMEd/MbWf5gAxRPiPLf:iRtmQtL0zFtTX2aWul2gKi5zbgf
                                                                                                                                                                                                                MD5:E0BBAECAEF886220CD62CB505D149D9E
                                                                                                                                                                                                                SHA1:732E8CBD483FDD0C31C825930C3DC3C4C23B065D
                                                                                                                                                                                                                SHA-256:55C3CA2340AAACC64E33FFB40EF45EE82D1487BF0219592952C65009CEDDCB47
                                                                                                                                                                                                                SHA-512:3B1FD85D53AABC583829C7153DB553B5953D39AFEB9980D85A98B4B30E594C81C8F39C6CEADCFA10CBF01A7F92D26404B91B084B492FB58AAA6B15EEF193DDCD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="!addincludedir" />....<KeyWord name="!addplugindir" />....<KeyWord name="!appendfile" />....<KeyWord name="!assert" />....<KeyWord name="!cd" />....<KeyWord name="!define" />....<KeyWord name="!delfile" />....<KeyWord name="!echo" />....<KeyWord name="!else" />....<KeyWord name="!endif" />....<KeyWord name="!error" />....<KeyWord name="!execute" />....<KeyWord name="!finalize" />....<KeyWord name="!getdllversion" />....<KeyWord name="!gettlbversion" />....<KeyWord name="!if" />....<KeyWord name="!ifdef" />....<KeyWord name="!ifmacrodef" />....<KeyWord name="!ifmacrondef" />....<KeyWord name="!ifndef" />....<KeyWord name="!include" />....<KeyWord name="!insertmacro" />....<KeyWord name="!macro" />....<KeyWord name="!macroend" />....<KeyWord name="!macroundef" />....<KeyWord name="!makensis" />....<KeyWord name="!packhdr" />....<KeyWord name="!pragma" />....<KeyWord name="!searchparse" />....<KeyWor

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\perl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (712), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):61307
                                                                                                                                                                                                                Entropy (8bit):4.950606368549611
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:8M263BVxlENiZdLoxo++t2cXAoaE4Q/w/vZu2cBce9OWQ96:Rz2KzTlHBceiQ
                                                                                                                                                                                                                MD5:7244330F73419EC66D6B913D4FFC7714
                                                                                                                                                                                                                SHA1:9AAD4D2EFA042F65C11BACC115640718EBA6E94A
                                                                                                                                                                                                                SHA-256:EF80E0AC62039ADB2AE768D9EF4DBF9D42C9FAAAB9ECB7E2E5F37C1C3A5CC2BF
                                                                                                                                                                                                                SHA-512:89A27341EAB727CCC60947901D61BAC6BA55FF663A7D181C886E8A220225B1FF8FC8F3E4E25E08AB24635755747850877D5958C5CAA3872EEA64DDCAE5A5C0DC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" />....<KeyWord name="-BGCOLOR=>" />....<KeyWord name="-absolute=>" />....<KeyWord name="-action=>" />....<KeyWord name="-align=>" />....<KeyWord name="-alt=>" />....<KeyWord name="-anchor=>" />....<KeyWord name="-author=>" />....<KeyWord name="-background=>" />....<KeyWord name="-base=>" />....<KeyWord name="-bgcolor=>" />....<KeyWord name="-border=>" />....<KeyWord name="-borderwidth=>" />....<KeyWord name="-boundary=>" />....<KeyWord name="-cellpadding=>" />....<KeyWord name="-cellspacing=>" />....<KeyWord name="-checked=>" />....<KeyWord name="-class=>" />....<KeyWord name="-code=>" />....<KeyWord name="-colheader=>" />....<KeyWord name="-color=>" />....<KeyWord name="-colspan=>" />....<KeyWord name="-columns=>" />....<KeyWord name="-command=>" />....<KeyWord name="-compact=>" />....<KeyWord name="-content=>" />....<KeyWor

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\php.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):432132
                                                                                                                                                                                                                Entropy (8bit):4.856851245177337
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:VgUWDs7TpjPYpns+HO+9ZqyfWuE9ljvV/tHr0yLaKjY8FklZ+MS1dKcKcweuZmY0:jTVUZHO+9ZqyfWRjvdt2OOZZ0
                                                                                                                                                                                                                MD5:6B2771871613A21F39229F3649E87CD2
                                                                                                                                                                                                                SHA1:696E876FBB3F1A588BB61CA994DFE087FC0B91FD
                                                                                                                                                                                                                SHA-256:3E1454B2B15969434E935EFE6F9746092CE9F2EC0F9CDEAC32B904AF52D46907
                                                                                                                                                                                                                SHA-512:AABC8E5A2F31564ADB37FB5807C4FFF80828F2BF40369ABAEFE32E93707159BC50DF91507ECD20CCCC8A07E3208E9F10CDB818AAC14B39DEDC767F75F4374E80
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..@author. Geoffray Warnants - http://www.geoffray.be..@version.1.35.20100625..-->..<NotepadPlus>...<AutoComplete>....<KeyWord name="__halt_compiler" func="yes">.....<Overload retVal="void">......<Param name="void"/>.....</Overload>....</KeyWord>....<KeyWord name="abs" func="yes">.....<Overload retVal="number">......<Param name="mixed number"/>.....</Overload>....</KeyWord>....<KeyWord name="acos" func="yes">.....<Overload retVal="float">......<Param name="float number"/>.....</Overload>....</KeyWord>....<KeyWord name="acosh" func="yes">.....<Overload retVal="float">......<Param name="float number"/>.....</Overload>....</KeyWord>....<KeyWord name="addcslashes" func="yes">.....<Overload retVal="string">......<Param name="string str"/>......<Param name="string charlist"/>.....</Overload>....</KeyWord>....<KeyWord name="addslashes" func="yes">.....<Overload retVal="string">......<Param name="string str"/>.....</Overload>....</KeyWord>....<KeyWo

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\powershell.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):88004
                                                                                                                                                                                                                Entropy (8bit):5.116037264983878
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:RFasdFb9gjqzqcJJrpUdw483wp7+DB4rBk12IrlUM5VId1w2VmK7xF6Q92:RFaGgjaJFpe6gpCo22IrlUMkYK7W
                                                                                                                                                                                                                MD5:D161F77EA1500DE3D863BE2E0F91E16C
                                                                                                                                                                                                                SHA1:BCBC709C300B8D90579775933AA7DA57CB40A636
                                                                                                                                                                                                                SHA-256:6123E3294CCFC27143361426EB5874E8EFAE8A31B26E0078776DAF82CF74D8B0
                                                                                                                                                                                                                SHA-512:45888264467A2F0E9C5C2EBB2FD69AE04F699D75678D1D68420ECEC2CB4204A768673ACBDCEB3C1A091318004E19AF31F9A73DD7277AA7A9ECD6CCD9773AAF26
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..@author Arkadiusz Michalski (webref.pl)..@version 06.12.2022..@PSVersion 5.1.22000.832..@PSEdition Desktop..-->..<NotepadPlus>...<AutoComplete language="PowerShell">....<Environment ignoreCase="yes" />...... Syntax keywords taken from https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_keywords -->....<KeyWord name="begin" />....<KeyWord name="break" />....<KeyWord name="catch" />....<KeyWord name="class" />....<KeyWord name="continue" />....<KeyWord name="data" />....<KeyWord name="do" />....<KeyWord name="dynamicparam" />....<KeyWord name="else" />....<KeyWord name="elseif" />....<KeyWord name="end" />....<KeyWord name="enum" />....<KeyWord name="exit" />....<KeyWord name="filter" />....<KeyWord name="finally" />....<KeyWord name="for" />....<KeyWord name="foreach" />....<KeyWord name="function" />....<KeyWord name="hidden" />....<KeyWord name="if" />....<KeyWord name="in" />....<KeyWord

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\python.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (1067), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):61578
                                                                                                                                                                                                                Entropy (8bit):5.142923848433745
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:j0IHh1OHnj/FK8Rij4e1ihntwjjMMKTcDCFTQy4rLdzZb6XeV:n1OjQ4sidtwjAMMcDCFTzudN6XeV
                                                                                                                                                                                                                MD5:FA2CFE74E8D1F0CE494FF3F01D55EA68
                                                                                                                                                                                                                SHA1:6891483F0A2DA2FB0BF80F457A8F620B08C43498
                                                                                                                                                                                                                SHA-256:23ADD5AF4A1C87485D4886419021F8842B2DA6B44962B024C0BD83B3B782B380
                                                                                                                                                                                                                SHA-512:F2AA847AEDC91367EA0C923BC6BBEBAE75BBCB5D233D4C27633D3C821D8A18405B0919355D0253197C4E2F2FBB97DC730C5FA0ED8CC49120F1B1C60A0B6FE19E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>... ...@author Gregori Gerebtzoff...@version 1.2...-->..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," additionalWordChar = "." />....<KeyWord name="ArithmeticError" func="yes">.....<Overload retVal="" descr="Base class for arithmetic errors.">.....</Overload>....</KeyWord>....<KeyWord name="AssertionError" func="yes">.....<Overload retVal="" descr="Assertion failed.">.....</Overload>....</KeyWord>....<KeyWord name="AttributeError" func="yes">.....<Overload retVal="" descr="Attribute not found.">.....</Overload>....</KeyWord>....<KeyWord name="BaseException" func="yes">.....<Overload retVal="" descr="Common base class for all exceptions">.....</Overload>....</KeyWord>....<KeyWord name="BufferError" func="yes">.....<Overload retVal="" descr="Buffer error.">.....</Overload>....</KeyWord>....<KeyWord name="BytesWarning" func="yes">.....<Overload retVal="" descr="Base class for warnings

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\raku.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23440
                                                                                                                                                                                                                Entropy (8bit):4.89743873241771
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:UlJvn7L+Tqq8jGjVrN0FJq9jciE07SQ4M4R+nEueTvhBo7be/AEUF:8n+Tqq8jGjYKcc714M4cEueTJBo7b/1F
                                                                                                                                                                                                                MD5:3204AAD1FDD74450017479C0AA953E56
                                                                                                                                                                                                                SHA1:4989C951AC3A51BA130E5DCE7554305F681745A5
                                                                                                                                                                                                                SHA-256:20809301E7D81E43AD38755A07801D290B07062CC7A0775C1101D0DD9847437F
                                                                                                                                                                                                                SHA-512:BFB8C2F7A4F5C999B6A731FBAB357CF4EC89A98833939B3D5F64E24BC2549909604D5DCE2D2FD396E7ACA82FD83B43FCF95C9006106C88E70EDCD1CED3F83C2C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" />....<KeyWord name="ACCEPTS" />....<KeyWord name="AST" />....<KeyWord name="AT-KEY" />....<KeyWord name="Any" />....<KeyWord name="Array" />....<KeyWord name="Associative" />....<KeyWord name="Attribute" />....<KeyWord name="BEGIN" />....<KeyWord name="Backtrace" />....<KeyWord name="Backtrace::Frame" />....<KeyWord name="Bag" />....<KeyWord name="BagHash" />....<KeyWord name="Baggy" />....<KeyWord name="Blob" />....<KeyWord name="Block" />....<KeyWord name="Bool" />....<KeyWord name="Buf" />....<KeyWord name="CATCH" />....<KeyWord name="CHECK" />....<KeyWord name="CONTROL" />....<KeyWord name="CX::Done" />....<KeyWord name="CX::Emit" />....<KeyWord name="CX::Last" />....<KeyWord name="CX::Next" />....<KeyWord name="CX::Proceed" />....<KeyWord name="CX::Redo" />....<KeyWord name="CX::Return" />....<KeyWord name="CX::Succeed"

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\rc.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1635
                                                                                                                                                                                                                Entropy (8bit):5.085032646652617
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c/9R9R9GTRhAH1Msi4b0nTu9ngI1GfsNnkvaTQTlhsFeTQmVhXkBzSgl3fbITITn:uT9mJI/basj
                                                                                                                                                                                                                MD5:893BB156418E493613201FB414699010
                                                                                                                                                                                                                SHA1:BDDEEE9258A1BA943D52199F552F2E2CBA6A8F0B
                                                                                                                                                                                                                SHA-256:CD8750AAAA3B70D9E9CE22232B8AC5F5C4E1E13C4261894A1D8E32C22AE8657E
                                                                                                                                                                                                                SHA-512:5DD648CCF074F4F07B8DA1C8C3A2BC9BB56A8DAB3922D1B848801B1EAA816C44FA2D7F0D20A3DE65ED957F0C4EBA99BDB94DDAAF7BE4EC1E58782E95848DB98A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="ACCELERATORS" />....<KeyWord name="ALT" />....<KeyWord name="AUTO3STATE" />....<KeyWord name="AUTOCHECKBOX" />....<KeyWord name="AUTORADIOBUTTON" />....<KeyWord name="BEGIN" />....<KeyWord name="BITMAP" />....<KeyWord name="BLOCK" />....<KeyWord name="BUTTON" />....<KeyWord name="CAPTION" />....<KeyWord name="CHARACTERISTICS" />....<KeyWord name="CHECKBOX" />....<KeyWord name="CLASS" />....<KeyWord name="COMBOBOX" />....<KeyWord name="CONTROL" />....<KeyWord name="CTEXT" />....<KeyWord name="CURSOR" />....<KeyWord name="DEFPUSHBUTTON" />....<KeyWord name="DIALOG" />....<KeyWord name="DIALOGEX" />....<KeyWord name="DISCARDABLE" />....<KeyWord name="EDITTEXT" />....<KeyWord name="END" />....<KeyWord name="EXSTYLE" />....<KeyWord name="FONT" />....<KeyWord name="GROUPBOX" />....<KeyWord name="ICON" />....<KeyWord name="LANGUAGE" />....<KeyWord name="LISTBOX" />....<KeyWord name="LTEXT" />....<KeyWord

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\sql.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):67945
                                                                                                                                                                                                                Entropy (8bit):5.279238395325041
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:bcLBMdQbuI21T45geqiPJg+vaKOuDNWAmu64OSJGYEe/vmYZ3MEcsfPKAzlWOTWW:6BOTxgNWAo6tk2lPakl1Zhxwr4t
                                                                                                                                                                                                                MD5:FCFD333F5394896BA748F4628B4A1243
                                                                                                                                                                                                                SHA1:19DF381EA7689270865352037E04EEF344E9D9A4
                                                                                                                                                                                                                SHA-256:1B18CA570694E7128D2751A5C7F46464D8AC167BE58627A1FD61324284C15EA5
                                                                                                                                                                                                                SHA-512:0EC6F7AA6F7F1DBA5DE862AC8BE739720421534D7F8DEE181F1CAD17E6E95EB8B8AEEEE87EFDB64AEDD5B447CB7A0397BB8C0F0D85C12BB4DD3468292545BC30
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete language="SQL">....<Environment ignoreCase="yes" startFunc="(" stopFunc=")" paramSeparator="," terminal=";" />....<KeyWord name="ABS" func="yes">.....<Overload retVal="NUMBER" descr="returns the absolute value of n">.....<Param name="NUMBER n" />.....</Overload>....</KeyWord>....<KeyWord name="ACCESS" />....<KeyWord name="ACCOUNT" />....<KeyWord name="ACOS" func="yes">.....<Overload retVal="NUMBER" descr="returns the arc cosine of n">.....<Param name="NUMBER n" />.....</Overload>....</KeyWord>....<KeyWord name="ACTIVATE" />....<KeyWord name="ADD" />....<KeyWord name="ADD_MONTHS" func="yes">.....<Overload retVal="DATE" descr="returns inputdate plus months">.....<Param name="DATE inputdate" />.....<Param name="NUMBER months" />.....</Overload>....</KeyWord>....<KeyWord name="ADMIN" />....<KeyWord name="ADVISE" />....<KeyWord name="AFTER" />....<KeyWord name="ALLOCATE" />....<KeyWord name="ALL_ROWS" />....<KeyWord name

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\tex.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):67864
                                                                                                                                                                                                                Entropy (8bit):4.758865058949416
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:/w7s3ecb17ccht9yJV/ij43NJmxUOSekKT+Bthi3Q5wWv4x:/EJC
                                                                                                                                                                                                                MD5:40E183975F5E362D33BA5FFE3B5AF3DF
                                                                                                                                                                                                                SHA1:35A763370180060A8CF7E33F735C464212D7B6CC
                                                                                                                                                                                                                SHA-256:C916F03B9DEA3D64019907120D7D4EFC925E86189327BCBB89969C57934E2C23
                                                                                                                                                                                                                SHA-512:0FC37570537E291D5F65512BEDA9D140D034E33FA4079425DF7B9337526C05E8E05023CDDFE09B0A9FB52DDDE67E758F1C8C6B256019E255FA7F3A876E06C5F3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<Environment ignoreCase="no" />....<KeyWord name="Alph" />....<KeyWord name="Alpha" />....<KeyWord name="AltMacroFont" />....<KeyWord name="AmSTeX" />....<KeyWord name="Appendix" />....<KeyWord name="Arrowvert" />....<KeyWord name="AtBeginDocument" />....<KeyWord name="AtEndClass" />....<KeyWord name="AtEndDocument" />....<KeyWord name="AtEndOfClass" />....<KeyWord name="AtEndOfPackage" />....<KeyWord name="AtEndPackage" />....<KeyWord name="Bbb" />....<KeyWord name="Bbbk" />....<KeyWord name="Beta" />....<KeyWord name="BibTeX" />....<KeyWord name="Big" />....<KeyWord name="Box" />....<KeyWord name="CJK" />....<KeyWord name="CJK*" />....<KeyWord name="CJKfamily" />....<KeyWord name="Cap" />....<KeyWord name="CharacterTable" />....<KeyWord name="CheckCommand" />....<KeyWord name="CheckCommand*" />....<KeyWord name="CheckModules" />....<KeyWord name="CheckSum" />....<KeyWord name="ClassError" />....<KeyWord name="

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\typescript.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2417
                                                                                                                                                                                                                Entropy (8bit):4.169007293456003
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dfJEsZgxNbqThAkblD8Hnyyagt+eSsY9roG:cfJbaxNbqThAkbl6osG
                                                                                                                                                                                                                MD5:948B1E1B251350BABAF87A3D314DC6F3
                                                                                                                                                                                                                SHA1:E96B6C75192AAB27DC95FD80E2558F22161BF741
                                                                                                                                                                                                                SHA-256:A09F978AEBA209E18CD424D98C8BAFB6165777E3992EB09E5E7E0A26BDED4410
                                                                                                                                                                                                                SHA-512:65B1A4578ACC584B24B8F19D2B2E740A5256F37BAF643E49EF86E01CB768D3C1882244DFE6DAF1A0A46C10C0BF82689494C75CEC11CEB518C1258B0AE81D46C0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>.. <KeyWord name="abstract" />.. <KeyWord name="any" />.. <KeyWord name="as" />.. <KeyWord name="async" />.. <KeyWord name="await" />.. <KeyWord name="bigint" />.. <KeyWord name="boolean" />.. <KeyWord name="break" />.. <KeyWord name="case" />.. <KeyWord name="catch" />.. <KeyWord name="class" />.. <KeyWord name="const" />.. <KeyWord name="continue" />.. <KeyWord name="debugger" />.. <KeyWord name="declare" />.. <KeyWord name="default" />.. <KeyWord name="delete" />.. <KeyWord name="do" />.. <KeyWord name="else" />.. <KeyWord name="enum" />.. <KeyWord name="export" />.. <KeyWord name="extends" />.. <KeyWord name="false" />.. <KeyWord name="finally" />.. <KeyWord name="for" />.. <KeyWord name="from" />.. <KeyWord name="function" />

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\vb.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17190
                                                                                                                                                                                                                Entropy (8bit):5.089420904560015
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:QH9PYGNfRR+PKXwo+V9/fXOLgHpy48XBY2mEtARtG:gnJcWtkHY48XBY2mEaRtG
                                                                                                                                                                                                                MD5:4849CA62E16D934B8BEE6A140D1EC24C
                                                                                                                                                                                                                SHA1:FFC5E961341DD925439B89D66AB23D3B0E14EABF
                                                                                                                                                                                                                SHA-256:53104B87F91458AAC8C6709B74A7CD5F0367FC6F2280B98AAA495A59E1788551
                                                                                                                                                                                                                SHA-512:019FD95D236FC1F372599D793BC076FB22830D50E9EB45C2B63DC1F4ED6355357453CB81362E3D90D375491141AFE49CA78F8CBA089AB3B10ED3F176F0B04C3C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="Abs" />....<KeyWord name="adModeRead" />....<KeyWord name="adModeReadWrite" />....<KeyWord name="ADODB.Connection" />....<KeyWord name="ADODB.Recordset" />....<KeyWord name="adOpenDynamic" />....<KeyWord name="adOpenForwardOnly" />....<KeyWord name="adOpenKeyset" />....<KeyWord name="adOpenStatic" />....<KeyWord name="ALL_RAW" />....<KeyWord name="And" />....<KeyWord name="Application" />....<KeyWord name="Application.Lock" />....<KeyWord name="Application.Unlock" />....<KeyWord name="APPL_MD_PATH" />....<KeyWord name="APPL_PHYSICAL_PATH" />....<KeyWord name="Archive" />....<KeyWord name="Array" />....<KeyWord name="Asc" />....<KeyWord name="AscB" />....<KeyWord name="AscW" />....<KeyWord name="ASP_LICENSE" />....<KeyWord name="ASP_OS" />....<KeyWord name="ASP_VERSION" />....<KeyWord name="ASP_VERSION_MAJOR" />....<KeyWord name="ASP_VERSION_MINOR" />....<KeyWord name="Atn" />....<KeyWord name="AUT

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\vhdl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2625
                                                                                                                                                                                                                Entropy (8bit):4.616554411115757
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cNAlwCFTeynI2nMM9AzM0K5EFyHLbHlkGkOMby5rzN5ahszru0aM8sKFzfzZjvj+:6L0EqIFLdSw/Zq
                                                                                                                                                                                                                MD5:DBE0170171F2F58DEF4FD929DC9B4717
                                                                                                                                                                                                                SHA1:4FB8388A73D2106D115984938168F551BCC4A475
                                                                                                                                                                                                                SHA-256:DFFAF09EFD41B7EB9B74128585DE649C627627B404FA1925ACAA6C56709A3542
                                                                                                                                                                                                                SHA-512:0C8445D67C56514C9A906F63BD45BDCE488B601DF44C713ACC6B6C31FC16D06481F0914DDF81AF9FE989C84C6997EAA6D01D641B7FFAFAAC8DCDC943FE1D7D38
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="abs" />....<KeyWord name="access" />....<KeyWord name="add" />....<KeyWord name="after" />....<KeyWord name="alias" />....<KeyWord name="all" />....<KeyWord name="and" />....<KeyWord name="architecture" />....<KeyWord name="array" />....<KeyWord name="assert" />....<KeyWord name="attribute" />....<KeyWord name="begin" />....<KeyWord name="block" />....<KeyWord name="body" />....<KeyWord name="buffer" />....<KeyWord name="bus" />....<KeyWord name="case" />....<KeyWord name="component" />....<KeyWord name="configuration" />....<KeyWord name="constant" />....<KeyWord name="downto" />....<KeyWord name="else" />....<KeyWord name="elsif" />....<KeyWord name="end" />....<KeyWord name="entity" />....<KeyWord name="error" />....<KeyWord name="exit" />....<KeyWord name="file" />....<KeyWord name="for" />....<KeyWord name="function" />....<KeyWord name="generate" />....<KeyWord name="generic" />....<KeyWord

                                                                                                                                                                                                                C:\Program Files\Notepad++\autoCompletion\xml.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12017
                                                                                                                                                                                                                Entropy (8bit):4.690056013703438
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:JDmwg8b3lModLmml9fEjD1hASHlBHgx/WgL1Pw:JDZg8b36odLmmTfEn1aMlBAx/WSPw
                                                                                                                                                                                                                MD5:6972B2C64653B9FB254EF65871140B29
                                                                                                                                                                                                                SHA1:F2D4825AB333405A241EF41D8B71FA23432675B3
                                                                                                                                                                                                                SHA-256:1730BC85E1CD2652EA44D6DA42114937FE9FED4527B5E0CB6E2A09F47E0DA92E
                                                                                                                                                                                                                SHA-512:68E2F58928F0F7EAB10982A4DA6F8BFE8D59615F0A9E414E20E431D0F6ABF6757469C5E7399C1106D7D5BD0F6DFA9C172502F51EF3EA21E90488A3DCDD615812
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>...<AutoComplete>....<KeyWord name="abbrev" />....<KeyWord name="abstract" />....<KeyWord name="accel" />....<KeyWord name="ackno" />....<KeyWord name="acronym" />....<KeyWord name="action" />....<KeyWord name="address" />....<KeyWord name="affiliation" />....<KeyWord name="alt" />....<KeyWord name="anchor" />....<KeyWord name="answer" />....<KeyWord name="appendix" />....<KeyWord name="appendixinfo" />....<KeyWord name="application" />....<KeyWord name="area" />....<KeyWord name="areaset" />....<KeyWord name="areaspec" />....<KeyWord name="arg" />....<KeyWord name="article" />....<KeyWord name="articleinfo" />....<KeyWord name="artpagenums" />....<KeyWord name="attribution" />....<KeyWord name="audiodata" />....<KeyWord name="audioobject" />....<KeyWord name="author" />....<KeyWord name="authorblurb" />....<KeyWord name="authorgroup" />....<KeyWord name="authorinitials" />....<KeyWord name="beginpage" />....<KeyWord name="bibliodiv

                                                                                                                                                                                                                C:\Program Files\Notepad++\change.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2105
                                                                                                                                                                                                                Entropy (8bit):5.122198012446758
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:Mn70eLcmzJBUeooyAQ8/wvBUPjlLX120/n8dkhXb54uxLZUCWAerKJy:QLfoIVwpp0/Zb54EZUCfeWk
                                                                                                                                                                                                                MD5:D28275CE1D6DC3C2CA7E10EBD071FE5E
                                                                                                                                                                                                                SHA1:D1D1FB2FE46735DE570BAAEFBF85235B0DA90791
                                                                                                                                                                                                                SHA-256:92AF44A9BEAA57C84ADE1173B0C04E52E9762CC17CD33F39D4412AF26D2D42C0
                                                                                                                                                                                                                SHA-512:A74A2BF16E5E5344B1C945186894868F1B7A724896C6DD4D01005C9DB5B641067FBECD012CF48199E1FB67FF9F88659F8B9579772274ED4AE7D1CBF6FFD0DDDE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Notepad++ v8.7 bug-fixes & new enhancements:.... 1. Update to scintilla 5.5.2 & Lexilla 5.4.0... 2. Fix monitoring large files with frequent writes freezing the UI issue... 3. Fix regression of multiple selections in comboboxes of Find dialog... 4. Fix a single undo reverting many changes issue... 5. Improve Styler Configurator performance considerably... 6. Fix CVE-2014-9456 (but CVE-2014-9456 is not a "Security Vulnerability")... 7. Make find dialog status messages color customizable via Style Configurator... 8. Make individual tab color customizable via Style Configurator... 9. Add new plugin command NPPM_GETNATIVELANGFILENAME & notification NPPN_NATIVELANGCHANGED for native language being changed. ..10. Fix Folder as Workspace sorting problem for network storage (Samba, WebDAV, WSL, etc.)...11. Fix closing unsaved clone document causing periodic backup loss issue...12. Fix Style Config's "User-defined keywords" not being saved properly after emptying it...13. Add user-defined keywo

                                                                                                                                                                                                                C:\Program Files\Notepad++\contextMenu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4928
                                                                                                                                                                                                                Entropy (8bit):4.9510176791704135
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:NG9IVG03Fs6+f/q+f/V+f/f+f//+f//+f/t+f/hVxSVJFYD6Fsg66P6618hIWH6U:ZM03Fs6+f/q+f/V+f/f+f//+f//+f/tu
                                                                                                                                                                                                                MD5:FDE4CC09D1C18C6CD7C1A4878E89D27E
                                                                                                                                                                                                                SHA1:22FBA21B254FED1A60DA5DE2B8AF3CF6E132B647
                                                                                                                                                                                                                SHA-256:43AC0B7BA9B1F91FD8D4841B8119344E6212B307A1DECCCF61658F31D38BB425
                                                                                                                                                                                                                SHA-512:FCC87B93CB4DD0949E82EDB7D2788D7ABD317F9F4C5F046CEBA1CD85A64B12B29C6BABA3E8646265DB02A48A2DC20C3B5E893A1334D9B1E91D26692B4E9C2D29
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..By modifying this file, you can customize your context menu popuped as right clicking on the edit zone...It may be more convinient to access to your frequent used commands via context menu than via the top menu.....Please check "How to Customize the Context Menu" on:..https://npp-user-manual.org/docs/config-files/#the-context-menu-contextmenu-xml..-->..<NotepadPlus>.. <ScintillaContextMenu>.... ....Use MenuEntryName and MenuItemName to localize your commands to add. ....The values should be in English but not in translated language.....(You can set Notepad++ language back to English from Preferences dialog via menu "Settings->Preferences...")....-->.. <Item MenuEntryName="Edit" MenuItemName="Cut"/>.. <Item MenuEntryName="Edit" MenuItemName="Copy"/>.. <Item MenuEntryName="Edit" MenuItemName="Paste"/>.. <Item MenuEntryName="Edit" MenuItemName="Delete"/>.. <Item MenuEntryName="Edit" MenuItemName="Sele

                                                                                                                                                                                                                C:\Program Files\Notepad++\contextMenu\NppShell.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):380760
                                                                                                                                                                                                                Entropy (8bit):6.299969036175826
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:LCBAY0J+lPcB+hb5TnehFpKTA9vrrLimev:+6Y0J+lEB+htUFpK8c
                                                                                                                                                                                                                MD5:6E60B8D52EF7BF93DEA8E891C55BCD45
                                                                                                                                                                                                                SHA1:16D52CA5198E94AEFF04EF35FB3293F503379BB4
                                                                                                                                                                                                                SHA-256:26BD83C6F40D457ACCEB9857891D3F04A981C2C3A572B206F7774B4E4CA64C16
                                                                                                                                                                                                                SHA-512:0296D5C8B37214831D5A5187DB58F2ECFD1AE44062CA4405C627D88184F96A4457D0D35859BFB394F6B552ADB494D5134258FE68DA925E919FDEBD5DC9940AB6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l..a...a...a......a.....Fa..4....a..4....a..4...a......a......a......a...a..Ba.......a.......a.......a...a...a.......a..Rich.a..........PE..d...Y..f.........." ...(.....(.......v....................................................`......................................... !.......!..........(........2......X)..............p...............................@............................................text...,........................... ..`.rdata..2...........................@..@.data...DN...@...2... ..............@....pdata...2.......4...R..............@..@.rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\contextMenu\NppShell.msix

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=store
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):58896
                                                                                                                                                                                                                Entropy (8bit):7.9808230227311485
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:WHbmqec/OM0CM4ZRV8jwbtteYu1gyJUe8R5/qAY0:WHbnBvrZRujwiYfFRt
                                                                                                                                                                                                                MD5:4606E2A2F0B17ECEE0AF92EEC412E95C
                                                                                                                                                                                                                SHA1:AE0E7EDE6513CC3922E6F5462C1632A80B379C73
                                                                                                                                                                                                                SHA-256:B2F5292E9807BF85CCA24DBA8895BE8FFC1B673BBF24AF766714A346E3C58E75
                                                                                                                                                                                                                SHA-512:956C3BB83EB0245460B6A470E7DDD2891419E64EDF1613765D1ABB436F8A890652F083B50253566FE964BA132C9B79B7A4D0F00401715193B8694C709DFF21C3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:PK..-.......X................Square150x150Logo.png.PNG........IHDR.............<.q.....sRGB.........gAMA......a.....pHYs..........o.d...#IDATx^...$E.=.u..<7...Y.,9g$.. >."I....s....PA..(...%#.X6..NN=...N..e...}*...v.v.:u..UU..W....Zc.U.*|f8q.....k.J...%nc.W...czz>F@'.i.....)}..........;f.#6.....'.a4V.._..,<u.q.X.m.....go..{.M..}..LP}Eg_.O..O..CO9.%....&/Gm[.*....H.X|..._\Y....U.q....U.*.....^j9s........:.t.).....d..ok.<...?.....U.7.3s....W:..|3.ZZ..X...G.].k.V).E\w.U,.....q...X_.q.O..U.B..?...E.r.v5Ms`...@4*v....3.._......Ab.....U..p.a..3.z........^./...L.jh`-.q\#...]O.......Z...........c..n.].;::.....Ii.-..o,.--Ru]........S...~......~......W.c...Cab.o~s...7+..m.z..G..wt+.oo...l.t7.[.`..-._...0..Y.1s..MMMR.T.Z.&..QI.......Yw..[Z>.y.....{.m...[....T.i.%....h.D....Y..].x|8..A.&................`.'.U....1....qfc....~).C1...&.Z....@zJ..J....Y..9...3....&.....x...5]x<..y!R]..v3....99..?J.....}O...o.........mxx.-..Z.P@>..H(ddFF.....f.:k.q.

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\ada.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3646
                                                                                                                                                                                                                Entropy (8bit):4.714976623567849
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cgb441ZzfqGj9lcW9rJk/QZLhf9VLyNIMNo5fMLYP82B+sgi+hAtN7h3bPzgHoVA:nb443fqGjLLhbhVBfusyqDsT
                                                                                                                                                                                                                MD5:B61E91B1EE125159B517B88DD04C7E4A
                                                                                                                                                                                                                SHA1:4FD14D4372DF751EEF802BDA7E7D7B815742EC1E
                                                                                                                                                                                                                SHA-256:B5AC09267D7BAB91B56F47CB44DE8C8C0FB951CF9735F2245757DA842CD2052A
                                                                                                                                                                                                                SHA-512:629EC857D5D8F950A56F4931186B4BD45F664222150A4FCC492D7E6DFC672D3690D8672A5C59C603BA31A37095745BB2DF4D6FBC410D7D2D8D71155E5ABDBCE9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ....| Complies to ADA 2022....| http://www.ada-auth.org/standards/overview22.html....| Based on:....| http://stackoverflow.com/questions/32126855/notepad-and-ada....\-->....<parser.....displayName="ADA".....id ="ada_syntax".....commentExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`).........(?m-s:-{2}.*?$) # Single Line Comment........"....>.....<function......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)........^\h*

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\asm.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1349
                                                                                                                                                                                                                Entropy (8bit):4.301309332050627
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjzDlKtYPqxFRk3oN+cSdf1qxFRk3oN+NmJSGT1jNVTgIiP:c2DlKtqwFy39cSdtwFy39NmJSqTV0zP
                                                                                                                                                                                                                MD5:2C5F4897D7F169E06AEA28310C8AB9EC
                                                                                                                                                                                                                SHA1:EDFD3F6FAF838194DE9821EFD0FE185FFB6BE0F0
                                                                                                                                                                                                                SHA-256:73526DDB1D23D595680BADD6BD87F5DD82869606A7CF7E8707758D48D848257E
                                                                                                                                                                                                                SHA-512:00AFE567F35B2D04278620A5F21EE4975710F5BDB6F407E493FFD899A03E430B656094B891CC43F9B6C6C57CEE5099E5DF42B7F8593CDE930CD6EEB0D1EB9483
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ==================================================== [ Assembly ] -->......<parser.....displayName="Assembly".....id ="assembly_subroutine".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?m-s:;.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........(?m)^\h* # optional leading whitespace........

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\autoit.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1848
                                                                                                                                                                                                                Entropy (8bit):4.587286402707127
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cH4f2IzcRqwFy392rOLgtwFy39NmJSEqGLi+8YKC:04uIzcRhFy3MeFy3Lmz
                                                                                                                                                                                                                MD5:99A0630A10AB4EE883554DC6BD9E2D91
                                                                                                                                                                                                                SHA1:63C842CE0DF36D51082B61C2C682ABCFC9D98E67
                                                                                                                                                                                                                SHA-256:32AE9531405EF3C59448FE6DBD3BE435E726EB17F3CA0D16530A4C6317DEA286
                                                                                                                                                                                                                SHA-512:D7715D678B7615A3027481DBEE6FDBEDD226E03DE5B6D58BB325332D20A0B6D189E46020F8B7C941C5656DF867CFE2CDB9E456630D9F4EE9BD57DC60DBB64CC5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ===================================================== [ AutoIt3 ] -->...... ....| Based on:....| https://sourceforge.net/p/notepad-plus/discussion/331753/thread/5d9bb881/#e86e....\-->....<parser.....displayName="AutoIt3".....id ="autoit3_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?is:\x23cs.*?\x23ce) # Multi Line Comment........|.(?m-s:^\h*;.*?$) # Single Line Comment........"....>.....<function......mainExpr="(?x)

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\baanc.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8513
                                                                                                                                                                                                                Entropy (8bit):4.463331316296287
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:WHOFlyojld9bU+7OMtCBBT4AeIhw95Xp7NedYyP4LAaRyoEpRdTvFS8yudLsQJSp:WPuNCMKOgw95JmYsaAbLXLLcN
                                                                                                                                                                                                                MD5:0FCE87843F5245BD9A4D5DDCE156C7C4
                                                                                                                                                                                                                SHA1:CEAD1BAD691B0D4722E05312CE752C4FEFBDAD1B
                                                                                                                                                                                                                SHA-256:EC249B0DAB6FDA20CC24F0F25A504C55A05B23FB6CBB4938AA7A41DF0C8744B6
                                                                                                                                                                                                                SHA-512:88632D6E77A59ADFAC495545D215519B6CB8146303D363C6B055C3ABAB3938F1237DD7E0E2D501776ECAE1FA86083F0264AD67041CC41685831BE0FB61E5ED73
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================= [ BaanC ] -->........ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~....|.Based on:....|..https://notepad-plus-plus.org/community/topic/14494/functionlist-classrange-question....|....|.Note(s):....|.1..Boost::Regex 1.58-1.59 do not correctly handle quantifiers on subroutine calls....|..therefore the additional non-capturing group i.e. "(?:(?&amp;COMMENT))?" instead....|..of simply "(?&amp;COMMENT)?"....\-->....<parser.....displayName="BaanC Sections".....id ="baanc_section"....>.....<classRange......mainExpr="(?x

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\bash.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2999
                                                                                                                                                                                                                Entropy (8bit):4.775001586440059
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cWqwFy39CoiHM4nTprsU42osf4twFy39NmJS/F7TfsgOTh5LkNnXTV4VktML4rkM:xhFy35iss9dFy3LmFe5P4dBo
                                                                                                                                                                                                                MD5:162DED022D600DCF4BA4B7E9AC6917A2
                                                                                                                                                                                                                SHA1:762291F4F4E66573811C8EF757A64BDA8A4BBA09
                                                                                                                                                                                                                SHA-256:2AE1142B08D296C25000E451237EA919F981DA28F6A723D39540F43F18BAC762
                                                                                                                                                                                                                SHA-512:6B66A312F34900F404F31DD4F675B00C3E2F6FD1F4BF1F7163D9B65FB476FBA94E6D140EE738E6F406B77CFF4C1C219C29198FA52D043D12ECE778EBB6558A63
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ Bash ] -->.... BASH - Bourne-Again Shell -->......<parser.....displayName="Bash".....id ="bash_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?-s:(?:^\x23[^!]|^\h*\x23|\h+\x23).*$) # Single Line Comment........|.(?s:\x22(?:[^\x22\x5C]|\x5C.)*\x22) # String Literal - Double Quoted........|.(?s:\x27[^\x27]*\x27) # String Literal - Single Quoted..

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\batch.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1930
                                                                                                                                                                                                                Entropy (8bit):4.165677309916883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cBqwFy396GtwFy39dq4c7iv/SpqNN8oT6QHzP:GhFy3yFy3Hm0Nb
                                                                                                                                                                                                                MD5:0BA94312E694BA6DDB313095678B7159
                                                                                                                                                                                                                SHA1:0FAA0CF4DF8A9569252E37DE821A3E45A65F5C97
                                                                                                                                                                                                                SHA-256:77EED9211CD8464482F0DA3FAC4C0F003C2B8A6D76F15445927E66400F102D60
                                                                                                                                                                                                                SHA-512:135C0E9EA0FB17B5F0E08CA3415D6938AD38D2825E5029A1A4DD9ACBA0FB152BD7A9F9DCA76B24B950FD07239C91BD6B82B6F4442768939A1D8B83F7AAA279A2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ================================ [ Batch / Command Shell Script ] -->......<parser.....displayName="Batch / Command Shell Script".....id ="batch_label".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?m-s:(?i:REM)(?:\h.+)?$) # Single Line Comment 1........|.(?m-s::{2}.*$) # Single Line Comment 2........"....>.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)..

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\c.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4133
                                                                                                                                                                                                                Entropy (8bit):4.729161334321788
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:fhFy32/iyFFy34Q104hrhkTHkRUQHFy3uNH:LyszyoQuYhkTEBlysH
                                                                                                                                                                                                                MD5:9AEB2C0DC00ADAEDE0E06F24080F233E
                                                                                                                                                                                                                SHA1:B2FE11701A83DA1B608B63B051B9073F4A194E4F
                                                                                                                                                                                                                SHA-256:F3A7E5E59E883A3EF6C99967766A546D55DD7A767FADB9F4D433CEDF0555E992
                                                                                                                                                                                                                SHA-512:A3011016815EE747574DC940624176D0344141C65CB472C43EFB1CF92AE11C5189B9F74228196CECE20171F2E33A478428B543A32BF924F57668F90E474A79CD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... =========================================================== [ C ] -->....<parser.....displayName="C".....id ="c_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?s:\x2F\x2A.*?\x2A\x2F) # Multi Line Comment........|.(?m-s:\x2F{2}.*$) # Single Line Comment........|.(?s:\x22(?:[^\x22\x5C]|\x5C.)*\x22) # String Literal - Double Quoted........|.(?s:\x27(?:[^\x27\x5C]|\x5C.)*\x27) # String Literal - Single Quoted........".

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\cobol-free.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1772
                                                                                                                                                                                                                Entropy (8bit):5.116994008814909
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cq0O00h8GhMh2GFVpChnoDIz5o79ghwFy39nW55M:J/hjGkhnoDI27yeFy3wM
                                                                                                                                                                                                                MD5:0B82534CDD9FFEC3E57D80CE95A49293
                                                                                                                                                                                                                SHA1:C07E6C127653B7D9604B3F53274D562D3084E19A
                                                                                                                                                                                                                SHA-256:5639C845D56DEDECD2CFDB082B734593B5D618A87F1BD8EC612A8B3F4245566A
                                                                                                                                                                                                                SHA-512:416246D5704F1CC10A934F9606119F223775E2120A92867CC3916DDDD783C862BAA1DCBE63343BFCB141F7ED7DAF6894F0088B9086FCC2A6620872BC10DDE299
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... Variant for COBOL free-form reference format -->....<parser id="cobol_section_free" displayName="COBOL free-form reference format">..... working comment Expression:....... commentExpr="(?m-s)(?:\*&gt;).*$"...... cannot be used because problems with comment boundaries...... in current FunctionList implementation, for details see...... https://sourceforge.net/p/notepad-plus/patches/597/.....-->..... Variant with paragraphs (don't work with comment lines...... before section/paragraph header, can be activated when...... comment boundaries work and the commentExpr is used) -->..... .....<f

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\cobol.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1368
                                                                                                                                                                                                                Entropy (8bit):5.114691040294035
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjPDt/8qxFRk3oN+Zm/gs5Ard4b51oExIa4j4b5b:cG98wFy39Y/gswM51oW5H5b
                                                                                                                                                                                                                MD5:42E52D6BCC674ECACA09FEABF0C46DC2
                                                                                                                                                                                                                SHA1:FAB3E864A8F51497E9FEBFE1C47C9058DDD7B137
                                                                                                                                                                                                                SHA-256:057784451E3442F381F6A8AF931A7050F88D19BDA6BC939D37607532A353DA1C
                                                                                                                                                                                                                SHA-512:FC3276F282E72761E8CC8F6B63EE1807FEC58AD8DF21379556103CF61E465A4728BCCEDF60D63370A3BFE1FAAF06AB1A35DF772D1B848214D52CCB504787369C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... Variant for COBOL fixed-form reference format -->....<parser id="cobol_section_fixed" displayName="COBOL fixed-form reference format">.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).......(?m-s)(^.{6}[ D]) # ignore first 6 columns, 7 must be empty or D (debug-line).......([\t ]{0,3}) # don't start after column 12.......(?!exit\s)[\w_-]+(\.|((?'seps'([\t ]|\*&gt;.*|([\n\r]+(.{6}([ D]|\*.*)|.{0,6}$)))+)section(\.|((?&amp;seps)(\.|[

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\cpp.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18515
                                                                                                                                                                                                                Entropy (8bit):3.677886851060485
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:3TVnaAYXLUU14H0JTMyFWCsvws6gr6zWUIT:36LtieTMyFWCw7/6zWU0
                                                                                                                                                                                                                MD5:C794BB828625F83122E89B24BBC5F0C8
                                                                                                                                                                                                                SHA1:5B7D579CE72746284DCD1C71E7751CC32AE06C01
                                                                                                                                                                                                                SHA-256:40CF1AF5650B699A947899D2B43A00DCB64CDEAF080651C82A7930910C1C03F4
                                                                                                                                                                                                                SHA-512:731D6AB1EEB613CB437321EB2162A99D30A3263997AD98D4D7432FEB4B747DF36E7E208D2ADAF12AC7B394F6E2272FC0803445DDB1373D15BD07A4831E3AB317
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================================= [ C++ ] -->....<parser.....displayName="C++".....id ="cplusplus_syntax".....commentExpr="(?s:/\*.*?\*/)|(?m-s://.*?$)"....>.....<classRange......mainExpr="(?x) # use inline comments.......^[\t\x20]* # leading whitespace.......(template\s*&lt;\s*[\w\t\x20\(\)\=\.:,&lt;&gt;]*\s*&gt;\s*)? # template parameters.......(class|struct) # cla

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\cs.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (514), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1834
                                                                                                                                                                                                                Entropy (8bit):5.282301150064052
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjE4Q274HYERLbcRTRD54tx4S4d57vPnNiVMt6E9VRwN90WPFgQigYtQGtG:cx4Q28ZZUFGnaDAZD5u4YhV0b
                                                                                                                                                                                                                MD5:0F35EE0CB20A383942B7EA9A0DC91B61
                                                                                                                                                                                                                SHA1:2770947A577F53C16F25B36BA30E6F94FB0E8209
                                                                                                                                                                                                                SHA-256:59345C006CD9BDE5EF532AAE1F119758D45030993181C272BB0DD6FC0C5D01E5
                                                                                                                                                                                                                SHA-512:3753A9098AA6297AD4C85A015CF871A37E496B6C4D1C7D93C4BA46E987E6BC8944F28CBC622E0DC0FFC382ECBEDAFE23CE18B9983C19B72D1516B5FAEEEA3AAD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================================== [ C# ] -->...... ....| Based on:....| http://sourceforge.net/p/notepad-plus/patches/613/....\-->....<parser.....displayName="C#".....id ="csharp_class".....commentExpr="(?s:/\*.*?\*/)|(?m-s://.*?$)"....>.....<classRange......mainExpr ="^[\t\x20]*((public|protected|private|internal)\s+)?(\w+\s*)?(class|struct|interface)[\t\x20]+[^\{]+\{"......openSymbole ="\{"......closeSymbole="\}".....>......<className>.......<nameExpr expr="(class|struct|interface)[\t\x20]+\w+" />.......<nameExpr expr="[\t\x20]+\w+" />.......<nameE

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\fortran.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1998
                                                                                                                                                                                                                Entropy (8bit):4.753059722476742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cg4Pf3TXGPd02j9PW9yZhsrJk/+5zy54hxH7oIcOLWwmd3:n4Pf3TXGPXjw0fIVGoI
                                                                                                                                                                                                                MD5:24EFE929C0A64D0728082696EAE24E47
                                                                                                                                                                                                                SHA1:8BB52B350A31B26750B5576196DE4E1901580EC7
                                                                                                                                                                                                                SHA-256:5B324FB16C96737C266D4FEC05476017C8547E3F59A16BEBCBAC0086ED4AE14B
                                                                                                                                                                                                                SHA-512:ACAE6DFED5A4BFE747C6DCE1BC94DCEA68DD3C6E882AEF0C652BBE461EF4FE302CB4AED711ECF90D91FF0DEBDA69C0058C25D2D0A5CFE3724B5198C0F95090E0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ....| Based on:....| https://notepad-plus-plus.org/community/topic/11059/custom-functions-list-rules....| https://notepad-plus-plus.org/community/topic/13553/functionlist-xml-regular-expressions-not-parsing-properly....\-->....<parser.....displayName="Fortran Free Form style - FORmula TRANslation".....id ="fortran_freeform".....commentExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`).........(?m-s:!.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x)

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\fortran77.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1618
                                                                                                                                                                                                                Entropy (8bit):4.583648728830635
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjnSYJ6oN+5+fD6oN+1oZhsrJkH7oIcpsLWwmI84a:cYSj95+W9yZhsrJkH7oIcOLWwmd3
                                                                                                                                                                                                                MD5:1CED186652B31449FA28912B79449E55
                                                                                                                                                                                                                SHA1:EFA4BE5CA2D47D70FC839B5CBBD6E313D5F31884
                                                                                                                                                                                                                SHA-256:355A07E657B68F84494B95119C4BEC782D27AF25C6B396EB1BDF61B387C55BDA
                                                                                                                                                                                                                SHA-512:89E3709C0DFC3BC7BEBCCB9A8A660B964180100612DFB7194A6DDE3457E962FE0027DE6A898DA381115E7A76DA456B82618707A4C1F13B6177AB2E0B08AE4A08
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>....<parser.....displayName="Fortran Fixed Form style - FORmula TRANslation".....id ="fortran_fixedform".....commentExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`).........(?m-s:(?:!|^[Cc*].*$) # Single Line Comment 1..3........"....>.....<function......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)........(?im-s) # case-insensitive, ^ and $ match at line breaks, dot does not........^\h*

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\gdscript.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1076
                                                                                                                                                                                                                Entropy (8bit):5.059226171481422
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjCMbuGYReMRaf4V5wgYtNL0P/Nl4NG:cpMqGWgfsFY70tlL
                                                                                                                                                                                                                MD5:1ACC6CC957F16F649E121C0CDA723FA3
                                                                                                                                                                                                                SHA1:A3CD1E1E23E235B3EF4800D646645D75B9C9E86D
                                                                                                                                                                                                                SHA-256:680D3E38277032CE81A7451C1768C40934D3EC75D9C85989922CEBAD9A5BABF6
                                                                                                                                                                                                                SHA-512:D7580584A12C8C33CBD81D5F2F8E3CB5D21E39985A59167562F0A7F6BEFA0F08B358C89DE1CABF368ED0012467A278485DB6684E4B4C883D44BB57E3E50CD7C1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>......<parser.....displayName="GDScript".....id ="gdscript_syntax".....commentExpr="(?s:'''.*?''')|(?s:\x22\x22\x22.*?\x22\x22\x22)|(?m-s:#.*?$)"....>.....<classRange......mainExpr ="^class\x20\K.*?(?=\n\S|\Z)".....>......<className>.......<nameExpr expr="\w+(?=[\s:])" />......</className>......<function.......mainExpr="\s+?func\x20\K.+?(?=:\s*?$|:\s*?#)"......>.......<functionName>........<funcNameExpr expr=".*" />.......</functionName>......</function>.....</classRange>.....<function......mainExpr="^func\x20\K.+?(?=:\s*?$|:\s*?#)".....>......<functionName>.......<nameExpr expr=".*" />......</

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\haskell.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2475
                                                                                                                                                                                                                Entropy (8bit):4.3999657601396045
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cg4PpK/oSqj93nlwpoih7BnC45cW9fhs4kodLjK5V:n4PQ/oSqjMiELDY
                                                                                                                                                                                                                MD5:39F92A5A4C65C9EBF93E23F517EC0AC9
                                                                                                                                                                                                                SHA1:0A87CAE9A01C68F1C6B955D221E8BB975FF13FCD
                                                                                                                                                                                                                SHA-256:E163C2DC738F1DF1D4029CA9F2AF7309DA19E4AD4EEFAC1212BBBA6FA0167AD4
                                                                                                                                                                                                                SHA-512:CD2059A5657890D35D227515454BD1F41A03424795256A72AEFF7B69EB39F36F3EB705EF4F1394E2113E82630A0071685AA4B943173F19082BED1730D51B9A09
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ....| Based on:....| https://notepad-plus-plus.org/community/topic/12972/trouble-with-defining-a-function-list-entry/7....|....| By convention, the style of comment is indicated by the file extension,....| with ".hs" indicating a "usual" Haskell file....| and ".lhs" indicating a literate Haskell file.....\-->....<parser.....displayName="Haskell".....id ="haskell_function".....commentExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`).........(?s: # Multi Line Comment (nesting a

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\hollywood.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                                Entropy (8bit):5.010502396289286
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TMHdYnPWrCNhAcuYAccgYwCAQPSyW5t2GKGd9BMSgIggy6mKUueGB4fdJA417zg/:2dvk7xjYW2GSSTgvmZeI41JA417zg/
                                                                                                                                                                                                                MD5:EFD9DA2ED51414FD6D99122CD6B3B190
                                                                                                                                                                                                                SHA1:ACB9C843AEC6526BF142E8CDC5FCF5C538755DC8
                                                                                                                                                                                                                SHA-256:37F68324AB750AE6DD622AE7F10596348EC70485371C27DCE25FFA886CD4E83B
                                                                                                                                                                                                                SHA-512:A091DED8CB99BA8DA4FB8EBFC0F75B94D9F83FE7B8BB3C0244D49CF0886FE42B04A47D816224852CB0CE8A19DE71078954D60983804E4F1386E3879B07860364
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ================================================ [ Hollywood ] -->......<parser.....displayName="Hollywood".....id ="hollywood_function"....>.....<function......mainExpr="((^|\s+|[{,])([A-Za-z_$][\w$]*\.)*[A-Za-z_$][\w$]*\s*[=:]|^|[\s;\}]+)\s*function(\s+[A-Za-z_][\w$:.]*)?\s*\([^\)\(]*\)[\n\s]".....>......<functionName>.......<nameExpr expr="[A-Za-z_$][\w$:.]*\s*[=]|[A-Za-z_$][\w$:.]*\s*\(" />.......<nameExpr expr="([A-Za-z_$][\w$:.]*\.)*[A-Za-z_$][\w$:.]*" />...........</functionName>.....</function>....</parser>...</functionList>..</NotepadPlus>

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\ini.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):952
                                                                                                                                                                                                                Entropy (8bit):4.8169556512880725
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TMHdYnPWrCNhAcuYAccgYwCAQPSJ/xdEPwt6HVNPRG4YGvsTy1dnjf+9B+mIEB4S:2dvk7xjXx561NPRYG0T+fa4Az
                                                                                                                                                                                                                MD5:005C5FE001E12B5B0A7F8DEE285D71FB
                                                                                                                                                                                                                SHA1:02A29FBBBFDF2166496021920E568B610395CD6E
                                                                                                                                                                                                                SHA-256:11ACF49EB9F3CB68FA7A3BB8568CEF2EB0F125700C8EDCBCD108B5810761770F
                                                                                                                                                                                                                SHA-512:E069C1111E1FBA5D07C7E20A73A678EB3ADEC48A41AC0337160D25544CCC069821954FF084EA003E14261E4F3E869730D3D3C676C79A7394C8731AC481AC6E15
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================= [ Initialisation File ] -->.... File format used for: .INF / .INI / .REG / .editorconfig -->......<parser.....displayName="INI Section".....id ="ini_section".....commentExpr="(?x).........(?m-s:[;\#].*$) # Single Line Comment........"....>.....<function......mainExpr="^\h*[\[&quot;][\w*.;\x20()\-]+[&quot;\]]".....>......<functionName>.......<nameExpr expr="[^[\]&quot;]*" />......</functionName>.....</function>....</parser>...</functionList>..</NotepadPlus>

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\inno.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4404
                                                                                                                                                                                                                Entropy (8bit):4.276247975118443
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:/VFy3frejEE4Fy3tAXN8PGyzFy3fR/4ZO:XyvrejELyq98PGypyvR/4ZO
                                                                                                                                                                                                                MD5:AB1E90D098B886E9F098D7C4C82EFB9A
                                                                                                                                                                                                                SHA1:D74449A5B6B2A87D7E5564770EDFB609DF6806FD
                                                                                                                                                                                                                SHA-256:0162159B64EB092F94964FAF937F263FB9947B25D40E0D82BD3224D136A140DE
                                                                                                                                                                                                                SHA-512:9ADA739AD71DC960F91C8E75BDB77F5F9664F75FF1FB0E178E2695E5CC6207D57EAABA40D433F2C1C9A2B668D6334EA579814DF53E38E1987C6E05CBD4B0B9F5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ================================================== [ Inno Setup ] -->......<parser.....displayName="Inno Setup".....id ="innosetup_syntax"....>.....<classRange......mainExpr ="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........(?ms)........(?'SECTION_HEADER'.........^ # header starts at beginning of a line.........\[ # start of section header.........(?-i:Code) # `Code` section name.........]

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\java.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9331
                                                                                                                                                                                                                Entropy (8bit):4.320468955625824
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:8/4P0yV3+sI+KnKqenxrVyp7UresVVeHD+KnI9eb:64P0yV3c+KKqenxpyp7UreYVeHD+KI9U
                                                                                                                                                                                                                MD5:E5A76A3287909497F328B0F12CF5CE89
                                                                                                                                                                                                                SHA1:A432976D922C00717386FAFC3290CF251C8E7182
                                                                                                                                                                                                                SHA-256:2487221A75A52B4F8AA6D2E62F1C0A55A5CD5240B1CB7AAFA66FBB2042590B06
                                                                                                                                                                                                                SHA-512:6C4A7C0696F40D657435344182543AD29C39A632ACD5B9A8F14D444B301F49FBF11B00F939CC93C47D44BADA147F53E9D3BADDF7DE5888591900EBDEE44FBC89
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ Java ] -->...... ....| Based on:....| https://notepad-plus-plus.org/community/topic/12691/function-list-with-java-problems....\-->....<parser.....displayName="Java".....id ="java_syntax"....>.....<classRange......mainExpr ="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........(?m)^[\t\x20]* # leading whitespace........(?:.........(?-i:..........abstract.........|.final.........|.native.........|.p(?:rivate|rotected|ublic)

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\javascript.js.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1146
                                                                                                                                                                                                                Entropy (8bit):5.123930508006021
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjflY6VTgvmZe3Jr41vVv041Y41TgL41TgLC:cIPpZe5rzvs8sV
                                                                                                                                                                                                                MD5:76BFE910EFE1727E4AFC3680CCA62773
                                                                                                                                                                                                                SHA1:9E05E76AB53EE66AA26CFE6726DB6E81C9A3BD62
                                                                                                                                                                                                                SHA-256:7C68F28C6995F47DD77596BAB28C6B4388FF93840C3BECFD37733DDB640CD0CD
                                                                                                                                                                                                                SHA-512:E34EA0261315548D828989BCBE83134531ADB712784665706514EB21248385BE59045D910EDE0101CCA104B73BCD658BC705A7879FBC464A6441B5FFD5A1B99F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ================================================ [ JavaScript ] -->......<parser.....displayName="JavaScript".....id ="javascript_function".....commentExpr="(?s:/\*.*?\*/)|(?m-s://.*?$)"....>.....<function......mainExpr="((^|\s+|[;\}\.])([A-Za-z_$][\w$]*\.)*[A-Za-z_$][\w$]*\s*[=:]|^|[\s;\}]+)\s*function(\s+[A-Za-z_$][\w$]*)?\s*\([^\)\(]*\)[\n\s]*\{".....>......<functionName>.......<nameExpr expr="[A-Za-z_$][\w$]*\s*[=:]|[A-Za-z_$][\w$]*\s*\(" />.......<nameExpr expr="[A-Za-z_$][\w$]*" />......</functionName>......<className>.......<nameExpr expr="([A-Za-z_$][\w$]*\.)*[A-Za-z_$][\w$]*\." /

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\krl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3037
                                                                                                                                                                                                                Entropy (8bit):5.074271255433372
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:coRa/d08qwFy39cSdtwFy39c61+uxSoU20m7aBoow5BcoqezK4wZzh3k+Tg79Nje:NRa/d08hFy3WFy3mLAreU6h+Ikw
                                                                                                                                                                                                                MD5:2B3193BD7B701ACAAB61A9B18A349EA5
                                                                                                                                                                                                                SHA1:56F8DE4BD5EA8798F06EBD9BA6C8159CC66B287D
                                                                                                                                                                                                                SHA-256:C158322BD963D2A68FFC878D72213A7394D8C16DE72279771FFC924365EEC0DF
                                                                                                                                                                                                                SHA-512:303FD7C56A8BE9A298212141694C3E50AE2B969791DC345362F9DA9A886AD33FC6CF2E410FD21696D5F0F8208DCAC42241F36DD8CFE7D18E40E32878E6A8E490
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================================= [ KRL ] -->.... KRL - KUKA Robot Language -->...... ....| https://notepad-plus-plus.org/community/topic/12264/function-list-for-new-language....\-->....<parser.....displayName="KRL".....id ="krl_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?m-s:;.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x)

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\latex.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1016
                                                                                                                                                                                                                Entropy (8bit):4.746315656228776
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dJ7xZatYG0TgfW6oN+SZblKO/xuW49GcG+Gc+3GMO7U:cwtB0Tgx9SFV/xuW49GcG+GcOGMGU
                                                                                                                                                                                                                MD5:7E355289CCEFEFDB6AA5810CD194210D
                                                                                                                                                                                                                SHA1:98CE59431F70981B3D64318AD78F219EC7D2BB21
                                                                                                                                                                                                                SHA-256:89597DB6B9F0F062CD3AB1CCBE37A590BFC173143F8E5B9D41D8904B17B4F5C2
                                                                                                                                                                                                                SHA-512:2558F7708CD2F3955900FEB2C26EADAE588EB1A1E2254E71BD07E994157534E160A727D4BC14018AF4298454BE21D13A11F954D39E7FAB041A8D3D6ACC154B01
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..| To learn how to make your own language parser, please check the following..| link: https://npp-user-manual.org/docs/function-list/..\=========================================================================== -->..<NotepadPlus>...<functionList>....<parser.....displayName="LaTeX Syntax".....id ="latex_function".....commentExpr="(?x).........(%.*?$) # Comment........"......>.....<function......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)........ (?im-s) # ignore case, ^ and $ match start/end of line, dot doesn't match newline........ \\(begin|........ part\*?|......... chapter\*?|......... section\*?|......... subsection\*?|......... subsubsection\*?|......... paragraph\*?|......... subparagraph\*?)......... {.*}".....>.....</function>....</parser>...</functionList>

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\lua.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4401
                                                                                                                                                                                                                Entropy (8bit):4.788411799569007
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:FVx64xtj7XSnowfpdP/+h/ZRYoNp+TQwUH9/kXqG8/bU6:FVxhIDfSnvNU8wyJkX8/g6
                                                                                                                                                                                                                MD5:E473531CCE3D19835B7284B7E6249259
                                                                                                                                                                                                                SHA1:8E6CFC9FB8DFD2A80EFAC5549F0C10D2F3B36FEA
                                                                                                                                                                                                                SHA-256:AAD05AC01DBE728E6FA731FCDA0C9EE0C81F4242B016A397E76EC693644E550C
                                                                                                                                                                                                                SHA-512:BD4EFB2E157F29D3B5D3170A28F7D0A8441FA861F87688C376D16796DF0051B6EA977232F4B733847B28A4B30EFAF906BECDAA8CAB7DA3EFAF440E1863AB94A4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. Copied from https://github.com/notepad-plus-plus/notepad-plus-plus/issues/4563 -->..<NotepadPlus>...<functionList>.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.....| Based on:.....| http://stackoverflow.com/questions/19246077/how-to-add-lua-functions-to-the-notepad-functionlist-xml.....|.....| Note(s):.....| 1) Multi Line Comment `Level` is supported by Lua 5.1 and above;.....| 2) Nested table view not supported;.....\-->.....<parser......displayName="Lua w/ Class"......id ="lua_syntax"......commentExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`).........(?s: # Multi Line Comment (MLC)..........(?&lt;!-) # - no preceeding dash, otherwise start of SLC..........-{2}\x5B(?'MLCLvl'=*)\x5B.*?\x5D\k'MLCLvl'\x5D.........)........|.(?m-s:-{2}(?!\x5B=*\x5B).*$)

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\nppexec.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2078
                                                                                                                                                                                                                Entropy (8bit):4.886457828785099
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c7EvgDg+1t59HbiSHYWYrN1a0cJWjymV9HFV/pNMzeSP1W7GFe3z0u:4EvgDReSZs39TRKRu
                                                                                                                                                                                                                MD5:603F30D1418849C6BBAA583F92C7A2BB
                                                                                                                                                                                                                SHA1:575217804848EC60968DB1FB1CAC28C0E8B2E247
                                                                                                                                                                                                                SHA-256:579159F6E8297268CDBE0226DE81B21FB92A282604C78315DA80BACA4F393703
                                                                                                                                                                                                                SHA-512:419FD277A7B9744C64874FA02E0D270D1110C3E7E99E9C7985B370AE8302CF575B3408897DDBE0C5C220410D4B79F84418B3D56AD76EAE2398AE11F359218F6F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ===================================================== [ NppExec ] -->......<parser.....displayName="NppExec".....id ="nppexec_syntax"....>..... Define NppExec script as the range started by a pair of colons ...... and ending right before the next pair of colons or the file's...... end, respectively.....-->.....<classRange......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)........ (?ims) # ignore case, ^ and $ match start/end of line, dot matches newline........ ^\h*........ ::........ .*?........ (?=::|\Z)........ ".....>...

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\nsis.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7125
                                                                                                                                                                                                                Entropy (8bit):4.088594412537912
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:NFFy3UFy3K7Fy3y2k5euQe1Fy3hx8QzFy3L9h3PLYPfFy3yG2Y:NyMyCyhu/PyrpyHLstyR
                                                                                                                                                                                                                MD5:792C0B92F7949C0EC61B8B06A86C5A67
                                                                                                                                                                                                                SHA1:565E8CC8005EB923DB47EB1685748C8934C77089
                                                                                                                                                                                                                SHA-256:C13743567FCFC4FA77B66E79447EDAB2D1ECC97D4DA32B655D92AE90968F2B0B
                                                                                                                                                                                                                SHA-512:7E63DFB0657765D591B43D47E1E3E0428D8D30FE97FA7615C8C921FBEDA6D33CD36AB0E8B6C27CE2D204E322DA7FC168C4BD7DEC60D5208ECB3D48BFF1195F76
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ NSIS ] -->.... NSIS - Nullsoft Scriptable Install System -->......<parser.....displayName="NSIS".....id ="nsis_syntax"....>.....<classRange......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........\b(?-i:SectionGroup)\b # open indicator........(?s:.*?)........\b(?-i:SectionGroupEnd)\b # close indicator.......".....>......<className>.......<nameExpr expr="(?x)

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\overrideMap.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6669
                                                                                                                                                                                                                Entropy (8bit):4.987681724656165
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:8OeDTIIy7ecYUcndL5hy9NpurVKFHerrGMCky:8sRIviDF+3GMry
                                                                                                                                                                                                                MD5:196AB029A07B98B62BB1186DCB9B5D68
                                                                                                                                                                                                                SHA1:92A9D41962A83DAD7E4359E97E8000BFA4DB2AA8
                                                                                                                                                                                                                SHA-256:FFCF91AD676EE1132F3CF118209B19F369D9B813C5E875D24A0E2DB4D4164387
                                                                                                                                                                                                                SHA-512:29B5FAE07A48599350DE294916C26DA4A8120066B88F91FDCD7A387FD40D5B717E4D3D2F471A84681371A3741547FE9F3BA60C86BDA3471E3BD8CB8F71F2C558
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>....<associationMap>.... .....This file is optional (can be removed)......Each functionlist parse rule links to a language ID ("langID")......The "id" is the parse rule's default file name, but users can override it......Here are the default value they are using:.......<association id= "php.xml"... langID= "1" />.....<association id= "c.xml"... langID= "2" />.....<association id= "cpp.xml"... langID= "3" />..(C++).....<association id= "cs.xml"... langID= "4" />..(C#).....<association id= "objc.xml"... langID= "5" />..(Obective-C).....<association id= "java.xml"... langID= "6" />.....<association id= "r

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\pascal.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10948
                                                                                                                                                                                                                Entropy (8bit):3.8566601576355715
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:/y+y+dT+a8pUc9/NMW3WHy/xN4q8obty+IwihMobG9ht:/y+y+dNMUcDJWHy/x1Hty+IwihMobG9H
                                                                                                                                                                                                                MD5:41EE6F1216094F4105291C172A687D16
                                                                                                                                                                                                                SHA1:2D5B33A1A1F68DB7EA2F3DD6753521AED8B43C64
                                                                                                                                                                                                                SHA-256:05843031CF912C16EA0D9A04A547E14A74C6237439D966FBFA6E33011E6116F7
                                                                                                                                                                                                                SHA-512:DAC88FCDA773D7DC218649CB3A4A3FB3243068EB27F67B73596584B8956E0B1BCCDCAE0BDA2AE83486AC96C55C4A3F685468B8EC963C9BC7482C55A826731150
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ==================================================== [ Pascal ] -->......<parser.....displayName="Pascal".....id ="pascal_syntax".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........ (?m-s:\x2F{2}.*$) # Single Line Comment........ | (?s:\x7B.*?\x7D) # Multi Line Comment 1st variant........ | (?s:\x28\x2A.*?\x2A\x29) # Multi Line

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\perl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1505
                                                                                                                                                                                                                Entropy (8bit):4.628912691762543
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjA13zcKYPqxFRk3oN+Lf1qxFRk3oN+8EY7hN/kNEIa4SSW4aWC:cDx1qwFy39LtwFy398EY7hNMNE50WJ
                                                                                                                                                                                                                MD5:C7AD8ABE956FBCC3CAB1BDB82F457729
                                                                                                                                                                                                                SHA1:8644C5344A3CE147ADD01D61A943FCD0BAD099FB
                                                                                                                                                                                                                SHA-256:6558013F984E594BB57534910CE0B17BFA15DA3CC9BB4B6E0B5C6E4DDF9EB14E
                                                                                                                                                                                                                SHA-512:5150B0082840DD85C293969308BEA80FE650170510B016D994DE060DADFA9A4C584D888C0991961859B52A239D8216A1A1364CB87D4D8292E87CCB2F3C0703A5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ PERL ] -->.... PERL - Practical Extraction and Reporting Language -->......<parser.....displayName="PERL".....id ="perl_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?m-s:\x23.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........sub........\s+.......

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\php.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10000
                                                                                                                                                                                                                Entropy (8bit):4.759567295246344
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:z3vHnIgJuaUkP9nhnNHnIgJuaIvHCiIUiZCg:jHILaUkPnnNHILaIvHLIDCg
                                                                                                                                                                                                                MD5:09DD56AD26088B1FA609B8D201064450
                                                                                                                                                                                                                SHA1:1EFC7CF7DDCF5C06E9291518FA0E073469075231
                                                                                                                                                                                                                SHA-256:B5D149184A4E4A3ED8425E5ACE844D784A4ED5A4E0004E959CF17F6267E80B40
                                                                                                                                                                                                                SHA-512:4CE0C45ADD02009370FFDEB963A5899347C22D3FDDE8907478C767D117871432443DBB1C54C6BE9FDB91207C0611B8BAF0863175DD8FCB73D07407521F7024BE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================================= [ PHP ] -->.... PHP - Personal Home Page / PHP Hypertext Preprocessor -->......<parser.....displayName="PHP - Personal Home Page / PHP Hypertext Preprocessor".....id ="php_syntax".....commentExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`).........(?s:\x2F\x2A.*?\x2A\x2F) # Multi Line Comment x2F -> '/' x2A -> '*' ........|.(?m-s:(?:\x23|\x2F{2}).*$) # Single Line Comment 1 # and 2 //....... # |.(?s:\x22(?:[^\x22

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\powershell.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1381
                                                                                                                                                                                                                Entropy (8bit):4.852553368301221
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjGPIYPqxFRk3oN+KaoOPf1qxFRk3oN+knUC+E/b6oaGoP1Ia4U4jwC:cHPIqwFy39K7OPtwFy39knUzE/b6oatC
                                                                                                                                                                                                                MD5:9FE2A57FB28E8E3CCF4D3A2A090A7B4D
                                                                                                                                                                                                                SHA1:741F540C8176CB891750C9EF0B6C66BCA7CA78F0
                                                                                                                                                                                                                SHA-256:9D6EE11F048B734A4EDF01ACDA39D1390B0E1E88756919991C242073723B9C21
                                                                                                                                                                                                                SHA-512:BEBB8DCB691842E092508E57E7A588E9042536BAB481B0DF814D4A82FEA503C5C71DCE9CFD31BDC1FD79F49E2CBE9B3D698FA9C3C906A7CF1F77E5291B4069BA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ================================================== [ PowerShell ] -->......<parser.....displayName="PowerShell".....id ="powershell_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?s:\x3C\x23(?:[^\x23]|\x23[^\x3E])*\x23\x3E) # Multi Line Comment........|.(?m-s:\x23.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........\b.......

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\python.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1137
                                                                                                                                                                                                                Entropy (8bit):4.938411143244232
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjhOGYRIMRaf4B55rGGxgYtNL0P/mZGGZ4Nn:c+OGCgfKrjOY70GZjZe
                                                                                                                                                                                                                MD5:0E30FB08F769F2459C1382999BFA3860
                                                                                                                                                                                                                SHA1:C473CF93ED3B6CD4D072CBD8321BE75ACF3AA8C7
                                                                                                                                                                                                                SHA-256:940A66C130FB5E1827F734BA6D1E290661CD43809580E4A8D8CE546790003C4E
                                                                                                                                                                                                                SHA-512:884A774FA6B576937412DF3FCFA9E13464DD7DEE23430A6937DA5BB2A90B70A7C51981642E6648A131079F07BA132201E89E0798CEFEFE1135C5434626A003FC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ====================================================== [ Python ] -->......<parser.....displayName="Python".....id ="python_syntax".....commentExpr="(?s:'''.*?''')|(?m-s:#.*?$)"....>.....<classRange......mainExpr ="^class\x20\K.*?(?=\n\S|\Z)".....>......<className>.......<nameExpr expr="\w+(?=\s*[\(|:])" />......</className>......<function.......mainExpr="\s(async )?def\x20\K.+?(?=(:$|,$|:\s*#))"......>.......<functionName>........<funcNameExpr expr=".*" />.......</functionName>......</function>.....</classRange>.....<function......mainExpr="^(async )?def\x20\K.+?(?=(:$|,$|:\s*#))"....

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\raku.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1427
                                                                                                                                                                                                                Entropy (8bit):4.6099677158424734
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xj/sUYPqxFRk3oN+Lf1qxFRk3oN+8EY7hN/kNEIa4SSW4aWC:cWqwFy39LtwFy398EY7hNMNE50WJ
                                                                                                                                                                                                                MD5:6B5B0C69E96E5DC11E9D841349E49C82
                                                                                                                                                                                                                SHA1:A0730F2F617BCEF18C0030E6F6314A40B58E78EF
                                                                                                                                                                                                                SHA-256:D00A1520FD5B4CEF780E63D5A036198EF93BF36124479FACD703C8A7118A7737
                                                                                                                                                                                                                SHA-512:B52680E886FD70ED2A09198559D08D3CFC101F118D7453287DAE752FFFC8B387D92A7DCE74C8BDAC303AD8A8BE802B53B4806DFB46DE173CFEB0462BEB209C60
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ Raku ] -->......<parser.....displayName="Raku".....id ="raku_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?m-s:\x23.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........sub........\s+........[A-Za-z_]\w*........(\s*\([^()]*\))? # pro

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\ruby.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1088
                                                                                                                                                                                                                Entropy (8bit):4.776081391494221
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjmnktRaf4d5SDRgYty0P/DBD541:cNnktgfaSDuYw0jBD5G
                                                                                                                                                                                                                MD5:9B89093254088D0CCE1E013F0DF2AE97
                                                                                                                                                                                                                SHA1:67843FD332DA121F5448F6158AFFA486BDD2E883
                                                                                                                                                                                                                SHA-256:BFFBEBEDCCB4BFD8E849BB3B577EAF0BC821BD45BE29905017E667034E5B25BE
                                                                                                                                                                                                                SHA-512:92E83DD77A29FBE76178BD804F4D44DD1D23EC6216307796841EBB8EFEDE2F6C1A274709CCB92128DE506F40AE0048D5053489D3958CAC59E21DA009073ED060
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ Ruby ] -->......<parser.....displayName="Ruby".....id ="ruby_syntax"....>..... within a class-->.....<classRange......mainExpr ="^class\x20\K.*?(?=\n\S|\Z)".....>......<className>.......<nameExpr expr="\w+" />......</className>......<function.......mainExpr="^\s*def\s+\w+"......>.......<functionName>........<funcNameExpr expr="def\s\K\w+" />.......</functionName>......</function>.....</classRange>..... without class-->.....<function......mainExpr="^\s*def\s+\w+".....>......<functionName>.......<nameExpr expr="def\s\K\w+

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\rust.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1848
                                                                                                                                                                                                                Entropy (8bit):4.648694909444974
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cEqwFy39VeIOwW9rJk/7gEtTYT4hxKITGLluWwad3:ThFy325hGI4qOU
                                                                                                                                                                                                                MD5:ACCC6038DE578929AF94649CADD88A14
                                                                                                                                                                                                                SHA1:BBFE66BF9D36EA92AC437D466DB1F36AE4F67A28
                                                                                                                                                                                                                SHA-256:1571595DEE56CF2B6B2E39F2108DB82CD2E8FAF15C1D15BBA2FDF34770BCDA7F
                                                                                                                                                                                                                SHA-512:C5EC00CB7B7E57DC0BFEDE706A39D99C64B44E572033BA162CC6B6C697D532C072F342256AA71AF57BC4239382389A24CE7E25F63D76C9738D3AC5C7A29312A6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... =========================================================== [ C ] -->....<parser.....displayName="Rust".....id ="rust_function".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?s:\x2F\x2A.*?\x2A\x2F) # Multi Line Comment........|.(?m-s:\x2F{2}.*$) # Single Line Comment........"....>.....<function......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)........^\h*

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\sinumerik.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1003
                                                                                                                                                                                                                Entropy (8bit):4.8614525643313495
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TMHdYnPWrCNhAcuYAccgYwCAQPSVEPdmivp4IbS1M6SWAUNpMpJlfzpAlAYr/+9F:2dvk7xjDep/IbNcJlYAYcCiP
                                                                                                                                                                                                                MD5:16E39474342D0CC1D3A189FAD83D5721
                                                                                                                                                                                                                SHA1:726E75D326099B405DA6D6B266F4B9C55F7C51F9
                                                                                                                                                                                                                SHA-256:DB3AC1FD3D65DF45D805ADB8DFE0C5209DB07EF93406DB17DFB783DD8048720A
                                                                                                                                                                                                                SHA-512:D089FFA2B74E14B51C65B1B69CB1D358BC96D5C59B9E18AEB2B32048B0E1D6E3D103F2D6C0CC785E95FD788EACD097D210CFE028AE499516CF4452A89A270D34
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... =================================================== [ Sinumerik ] -->.... Sinumerik - Siemens Numeric Control -->...... ....| https://notepad-plus-plus.org/community/topic/12520/function-list-for-simatic....| 20161113: Added `(?!\$PATH)` to get around restriction/bug of....| two characters required before comment.....\-->....<parser.....displayName="Sinumerik".....id ="sinumerik_function".....commentExpr="(?m-s:;(?!\$PATH).*?$)"....>.....<function......mainExpr="(?m)^%_N_\K[A-Za-z_]\w*"...../>....</parser>...</functionList>..</NotepadPl

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\sql.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310
                                                                                                                                                                                                                Entropy (8bit):5.215601363371318
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjypYEyevrK1ap4PrK1aF4frK1aF4f2:c7pieDK4sKIuKIf
                                                                                                                                                                                                                MD5:C73F99D5647E98C053FAD2FB8333AE55
                                                                                                                                                                                                                SHA1:0712DD962943BD81C2CDA5C20739CCF23CAE765A
                                                                                                                                                                                                                SHA-256:B647B20E4A5F0266A6ED8B3792588EADBD213FCB2544C8A4D809FE9A7CD29988
                                                                                                                                                                                                                SHA-512:529EB78FAB9CBF0DE40FB1B31C20D6C5534757491EEF153EB16143248B90B1CAF49130498C2775022D9F437A32A9F8402011EB70CC9B13505DF3ED01A8CAEFBF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================================= [ PL/SQL ] -->....<parser id="plsql_function" displayName="PL/SQL" commentExpr="((/\*.*?\*)/|(//.*?$))">......<function......mainExpr="^[ \t]*((PROCEDURE)|(FUNCTION))[\s]+[A-Za-z][\w_]*([\s]*(?'open'\().*?(\)))?(([\s]*;)|([\s]*([ia]s)\s)|([\s]+(RETURN)([\s]+[\w%\.]+)+(([\s]*;)|([\s]+([ia]s)\s))))"......displayMode="$className->$functionName".....>.....<functionName>.......<nameExpr expr="[\s]+[A-Za-z][\w_]*([\s]*(?'open'\().*?(\)))?(([\s]*;)|([\s]*([ia]s)\s)|([\s]+(RETURN)([\s]+[\w%\.]+)+(([\s]*;)|([\s]+([ia]s)\s))))"/>.......<nameExpr exp

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\tex.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1009
                                                                                                                                                                                                                Entropy (8bit):4.746342274348203
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dJ7xZd+YG0TgfW6oN+SZblKO/x+cW49GcG+Gc+3GMO7U:c7+B0Tgx9SFV/xLW49GcG+GcOGMGU
                                                                                                                                                                                                                MD5:77A78F7A4DED929652CB43DD30AA224E
                                                                                                                                                                                                                SHA1:A4408E3F45326CB1AD49C57CAD5758F378913CD4
                                                                                                                                                                                                                SHA-256:C285165F24559742EF0C993DEDCEFECB7D41545197B41F541E226014BF924388
                                                                                                                                                                                                                SHA-512:E6410830F2E76E62319F2B8E16CC306A383BDB9596FFB472405390F536EDB39360D94065E96EBDD2A352775CFAD3C61B766C48D6A668AB6EFA7987051308B120
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..| To learn how to make your own language parser, please check the following..| link: https://npp-user-manual.org/docs/function-list/..\=========================================================================== -->..<NotepadPlus>...<functionList>....<parser.....displayName="TeX Syntax".....id ="tex_function".....commentExpr="(?x).........(%.*?$) # Comment........"......>.....<function......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)........ (?im-s) # ignore case, ^ and $ match start/end of line, dot doesn't match newline........ \\(begin|......... part\*?|......... chapter\*?|......... section\*?|......... subsection\*?|......... subsubsection\*?|......... paragraph\*?|......... subparagraph\*?)......... {.*}".....>.....</function>....</parser>...</functionList>..</Not

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\toml.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):946
                                                                                                                                                                                                                Entropy (8bit):4.709252168095689
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TMHdYnPWrCNhAcuYAccgYwCAQPSJ/xdEPwPpR7YGvsTy1jCjf+9B+vPzB4fCP3Jc:2dvk7xjXxdBYG0TpfV45
                                                                                                                                                                                                                MD5:7B6F8F27DBD43A29B0A7C88A1A5511F1
                                                                                                                                                                                                                SHA1:E4D69B362CDB673DD397C6CF3919F3ED96AD0E3A
                                                                                                                                                                                                                SHA-256:1D6C4692C044B5E9C4E3135CFA991A1823EEC109922984217AC76ACF7D4FBEAC
                                                                                                                                                                                                                SHA-512:6A62B0109CC32A2E24A55BFDE7FEC59DEE11069CA86C3AC8FC44A636286A5BDB294BE48E760E44D9CC4271D72559836B40055EF5A6724DD092680F502B909562
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================= [ Initialisation File ] -->.... File format used for TOML -->......<parser.....displayName="TOML Table".....id ="toml_table".....commentExpr="(?x).........(?m-s:[#].*$) # Single Line Comment........"....>.....<function......mainExpr="^\h*[\[[\w\.&quot;\-&apos;]+\]".....>......<functionName>.......<nameExpr expr="[\w\.&quot;\-&apos;]+" />......</functionName>.....</function>....</parser>...</functionList>..</NotepadPlus>

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\typescript.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1146
                                                                                                                                                                                                                Entropy (8bit):5.116341151914294
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjnlY6VTgvmZe3Jr41vVv041Y41TgL41TgLC:cYPpZe5rzvs8sV
                                                                                                                                                                                                                MD5:161567BFCA5FDE72697159A77D355D5F
                                                                                                                                                                                                                SHA1:DE3FE298933A90241B0E523F707CB6DBBE7E4120
                                                                                                                                                                                                                SHA-256:BD7EB2A68383C94758CAAB9AA5BCFA9A1289BCEED2E11D30846C20521B606D98
                                                                                                                                                                                                                SHA-512:9BBC66F4E5FE51A1F87016D82BF3CD76324EB81EF14F5BBDCD7986A8DB630936195562EBCC5916E657BA513519312ABDF6F0187DBB9531DA4DB93571FE51D64E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ================================================ [ TypeScript ] -->......<parser.....displayName="TypeScript".....id ="typescript_function".....commentExpr="(?s:/\*.*?\*/)|(?m-s://.*?$)"....>.....<function......mainExpr="((^|\s+|[;\}\.])([A-Za-z_$][\w$]*\.)*[A-Za-z_$][\w$]*\s*[=:]|^|[\s;\}]+)\s*function(\s+[A-Za-z_$][\w$]*)?\s*\([^\)\(]*\)[\n\s]*\{".....>......<functionName>.......<nameExpr expr="[A-Za-z_$][\w$]*\s*[=:]|[A-Za-z_$][\w$]*\s*\(" />.......<nameExpr expr="[A-Za-z_$][\w$]*" />......</functionName>......<className>.......<nameExpr expr="([A-Za-z_$][\w$]*\.)*[A-Za-z_$][\w$]*\." /

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\universe_basic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2021
                                                                                                                                                                                                                Entropy (8bit):4.659765801614369
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c44PRqwFy39TxOHJSKzWq4dwHr4ictwFy39ByS/GiHf5BzP:X4PRhFy3eowLRZFy35/
                                                                                                                                                                                                                MD5:3D51AFD290E62685D11376237CEAC3C2
                                                                                                                                                                                                                SHA1:CDDD77E442ABA5CA65289A744D89826CDE95E663
                                                                                                                                                                                                                SHA-256:7C0719B9B312A531CF41CD08AFFACCEEF6DE084619808238FEC0F0247955F26E
                                                                                                                                                                                                                SHA-512:51E36085A7BE654CFB80C1D2AC2BF8E384216B859DCA0267B4377A5850AA267BCDF274DBD6F81B6E38029EC1D066474E941EC7A5BC82A46688EE053605F32C85
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ============================================== [ UniVerse BASIC ] -->...... ....| Based on:....| https://notepad-plus-plus.org/community/topic/12742/functionlist-different-results-with-different-line-endings....\-->....<parser.....displayName="UniVerse BASIC".....id ="universe_basic".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?m-s:..........(?:^|;) # at start-of-line or after end-of-statement..........\h* # opt

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\vhdl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1623
                                                                                                                                                                                                                Entropy (8bit):4.673364987933061
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dvk7xjbmYxCl6oN+107oJSBDY8+7LQodNwCN2JMNMp754NG:cKmYxC09WEJSB/+fQodNwsIMNq75L
                                                                                                                                                                                                                MD5:7ABB134780AAF79C527C734DDB51E245
                                                                                                                                                                                                                SHA1:A52FEAFF1DC159629691F4BED846CF79C8F8D945
                                                                                                                                                                                                                SHA-256:558BBE6193A202DCB00CC441421F5D838764E495B8E4D2E10877DB7F661B8CD5
                                                                                                                                                                                                                SHA-512:9B1EAD60AAB99FCD4C20FFF903C09CCA73AF40CDFD14AC23BF4CC2B5775B9B8338672C9025740B5F40377928C0DC9A1E9C0E0716E6FAEA5F67AA6741C04D73BB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ======================================================== [ VHDL ] -->.... ....| Derived from :....| https://community.notepad-plus-plus.org/topic/11554/function-list-for-vhdl....\-->....<parser.....displayName="VHDL".....id ="vhdl_syntax"....>.....<function......mainExpr="(?x) # free-spacing (see `RegEx - Pattern Modifiers`)....... ^ # match at beginning of line....... \h* # optional leading whitespace....... (\w+\h*:)?

                                                                                                                                                                                                                C:\Program Files\Notepad++\functionList\xml.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2229
                                                                                                                                                                                                                Entropy (8bit):4.422036301369691
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cH3eqwFy39wOtwFy39uM/citq4BCN8TzqXpfAzpLf94x95r:OuhFy3eFy3mYzpk7
                                                                                                                                                                                                                MD5:F898E5E36168FF0C5FF532C9BB068563
                                                                                                                                                                                                                SHA1:287F8FBD7A3B66A4CAE7C29CC9A775FA3F2D52B5
                                                                                                                                                                                                                SHA-256:5AC3E308C8BEF5ED42463929A1BE5F519F56A0785FD8C2AED6F85073CC5F98FC
                                                                                                                                                                                                                SHA-512:C8651DEA83B3D9DBD64927A95E2C5EC5DDD62335370076983EB07F6C5A30F1E61DECD4F1EFE170C5B0CC139F3EBEE89E010D914C5246866FCA9B5061E557262F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ==========================================================================\..|..| To learn how to make your own language parser, please check the following..| link:..| https://npp-user-manual.org/docs/function-list/..|..\=========================================================================== -->..<NotepadPlus>...<functionList>.... ========================================================= [ XML ] -->.... XML - eXtensible Markup Language -->......<parser.....displayName="XML Node".....id ="xml_node".....commentExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`).........(?:\x3C!--(?:[^\-]|-(?!-\x3E))*--\x3E) # Multi Line Comment........"....>.....<function......mainExpr="(?x) # Utilize inline comments (see `RegEx - Pattern Modifiers`)........\x3C

                                                                                                                                                                                                                C:\Program Files\Notepad++\langs.model.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (5630), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):528975
                                                                                                                                                                                                                Entropy (8bit):4.757997444772401
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:VGsUVmAPKHnRFYWSLNLGb30KNhsaO3p3qu6OvwLKgNQrFimA4zhZe:YVmxRFYWSLNLGb30KNhsaO3p3qu6Ovw9
                                                                                                                                                                                                                MD5:E06D4FA294283064BA583BF8BF116552
                                                                                                                                                                                                                SHA1:B290CA5528E20B8EA1E834153E98E9813B1F423B
                                                                                                                                                                                                                SHA-256:319256D613573E335F1D0DAF6550711718008A8B12064933D875E77E36EA4729
                                                                                                                                                                                                                SHA-512:04002AB1AC2AA27E7CA707FD66092863876AAD35E00583F8BCF037D191705E7607F621788CE7D8A0E44221F2C3FE634B31565261CD30EAF7299D975A2BCF6F67
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. The key words of the supported languages, don't touch them! -->.. For languages like C/C++ substyle1..8 entries, you may enter your own keywords in those entries, .. to have them show up in the "Default keywords" list shown in the Style Configurator -->.. <Languages>.. <Language name="normal" ext="txt"/>.. <Language name="actionscript" ext="as mx" commentLine="//" commentStart="/*" commentEnd="*/">.. <Keywords name="instre1">add for lt tellTarget and function ne this break ge new typeof continue gt not var delete if on void do ifFrameLoaded onClipEvent while else in or with eq le return instanceof case default switch</Keywords>.. <Keywords name="type1">arguments constructor class dynamic false extends implements import interface intrinsic newline null private public super static true undefined Accessibility Arguments Array Boolean Button Camera ContextMenu ContextMenuItem

                                                                                                                                                                                                                C:\Program Files\Notepad++\localization\english.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):98194
                                                                                                                                                                                                                Entropy (8bit):5.23859845469495
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:yaV0EXGv7GJs4bRKgtneY6ibCZ6+pp2Qf:yc3SqzbRKg1Cx3
                                                                                                                                                                                                                MD5:6DAAF86FB1E81CB310C99F10C6F45502
                                                                                                                                                                                                                SHA1:ACF9A84B3C6A3E478F2602CC408C5F09E21D917D
                                                                                                                                                                                                                SHA-256:511BD81C2FC9C8D03163F0EA5D9BBD273699C638A04709CDB25FAE74F44E1198
                                                                                                                                                                                                                SHA-512:34B23F1A179A68E807FE52DC587055AFCEF29BE559C74ED3542B6D32334B8770D3C25FEA98EB8F194E1BD86275F1CCABFB65BF7BD232C7802D6BF8E5F4579E34
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="English" filename="english.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="&amp;Search"/>.......<Item menuId="view" name="&amp;View"/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.......<Item menuId="language" name="&amp;Language"/>.......<Item menuId="settings" name="Se&amp;ttings"/>.......<Item menuId="tools" name="To&amp;ols"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="&amp;Run"/>.......<Item menuId="Plugins" name="&amp;Plugins"/>.......<Item menuId="Window" n

                                                                                                                                                                                                                C:\Program Files\Notepad++\notepad++.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8487768
                                                                                                                                                                                                                Entropy (8bit):6.90181543489662
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:98304:yr+5LLLMfYnzq2lSS9EbdY/C5VWN/Wp2gQdPIrbm5SUoGhw:J5LL+YnqS9EbEC5cxQQd6qSUXO
                                                                                                                                                                                                                MD5:47F3922D5A017C971D39814E512EB57A
                                                                                                                                                                                                                SHA1:85FBCA853803DBD8A5F13CA7346456A471F4C8CB
                                                                                                                                                                                                                SHA-256:882D649811004F0A97F8B932BD2671BB69E324FA0061F3E8D6B6DAA7C8E5E29A
                                                                                                                                                                                                                SHA-512:A3683CA34D0A581D8596E7989FBC9AA184F1A88F687137410E91C16FC8CACEBA48CBB503E311880D3E39CED25DB79F0DABE216780A7670128BE4A14265FCC412
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......W.dk.p.8.p.8.p.8X..9.p.8X..9.p.8...8.p.8...9.p.8...9.p.8...9~p.8X..9.p.8X..9.p.8X..94p.8.p.8.r.8...9=q.8...9.p.8...8.p.8.p.8.p.8...9.p.8Rich.p.8........................PE..d......f.........."....(..F...;......KA........@.........................................`.........................................0XV.....8YV.......Z.H.'.. X......Z..X).......T....P.......................Q.(.....P.@.............F..............................text.....F.......F................. ..`.rdata..&.....F.......F.............@..@.data...Tx....V.."....V.............@....pdata....... X.......W.............@..@.rsrc...H.'...Z...'...Y.............@..@.reloc...T.......V..................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):210776
                                                                                                                                                                                                                Entropy (8bit):6.458065132035069
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:cgJuLj6EIoQnHEcn/X97Fo/rg4a2uhJFwCrvfaA4XKd25Hz8kxeXD6nW:7uv6iiHEc/XjvXvKggW
                                                                                                                                                                                                                MD5:190B77F221C195BA394413823345C979
                                                                                                                                                                                                                SHA1:CAB94F45DD6B8D3002CAB729FFE7EF56E1B88DB1
                                                                                                                                                                                                                SHA-256:463E345E3A18E0F31817E3C12F699E592C326BF8A48DBFC219884043C993218B
                                                                                                                                                                                                                SHA-512:E82BBDF28660B86F30A8C0F9D2D0A8ABD2C87A9795BDA67A87CA57B7D16FBAC8BA4698E1DDB7E1C0D70A0CB50F62EA502D8286649D87EF2DF8F0D7C0213F7864
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......QB"g.#L4.#L4.#L4^[O5.#L4^[I5.#L4^[H5.#L4.O5.#L4.H5.#L4.I55#L4^[M5.#L4.#M4L#L4..E5.#L4...4.#L4.#.4.#L4..N5.#L4Rich.#L4........................PE..d.....f.........." ...(.....B......P........................................P......?4....`..................................................~..(........s..............X)...@..X...0i..p............................g..@...............H............................text............................... ..`.rdata..............................@..@.data...P............v..............@....pdata..............................@..@.rsrc....s.......t..................@..@.reloc..X....@......................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):203608
                                                                                                                                                                                                                Entropy (8bit):6.349237308028838
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:YsyQLpFufl6OPM07zq06MuUy8wqy9XGOeXLXTbi0A7zR9zk:fFLIl/M060Or6ucjb5AfR9
                                                                                                                                                                                                                MD5:73F6FDE33E6A8475FD43B5F648F6199F
                                                                                                                                                                                                                SHA1:201617F2674BB82F2636E44D81D5CF8583CD21F9
                                                                                                                                                                                                                SHA-256:4883AFA040A88012AECC86D175723335C1E53DEB86B26DF078253A8296A1C54B
                                                                                                                                                                                                                SHA-512:ADFD533BCC3CEDDC1CC3ACD89E258FECF4A7E074D1DC33597B2F1F30BAD5B6B83000A273427BB19318A1E03DDEC78DDE4F95B22B373CDB03827D875FD62F5130
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........g...............~.......~.......~.......}.......}.......}.......}.......~...............}.......}.......}........j......}......Rich............................PE..d......e.........." ...!..... .......J.......................................P............`......................................... ..........P....0..(.......d.......X)...@..(...P...8...............................@............................................text............................... ..`.rdata.."...........................@..@.data....&..........................@....pdata..d...........................@..@_RDATA..\.... ......................@..@.rsrc...(....0......................@..@.reloc..(....@......................@..B........................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):157528
                                                                                                                                                                                                                Entropy (8bit):6.320072314867563
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:aHWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:UWYwtRxCYAKfb5uwodsIjd6k6
                                                                                                                                                                                                                MD5:5B9508AC7AB7D0E6C467B720111A5D49
                                                                                                                                                                                                                SHA1:D8205F1F823EAB399F4BB4E10C4598CB5E678DB8
                                                                                                                                                                                                                SHA-256:1D24EB4B48A73CA45C53C87E122190D330157291A324D699A642B2D1AD8009E6
                                                                                                                                                                                                                SHA-512:865E6C336391E8F2C4D5E54DC97F486B0315D51329745374E96D6ABA664E53BB8272A25F2C29D95572162F2EE80063D5DF487398D9144FFC8F3D8BC77213BC6D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(...l.a\l.a\l.a\..b]i.a\..d]..a\..e]f.a\.d]O.a\.e]b.a\.b]e.a\..`]g.a\l.`\..a\..d]j.a\..a]m.a\...\m.a\l..\m.a\..c]m.a\Richl.a\........PE..d.....a.........." .....R...........8....................................................`A........................................p.......$...x............`.......>..X)..............8...............................8............p..@............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data....!...0......................@....pdata.......`......................@..@_RDATA..............................@..@.rsrc................0..............@..@.reloc...............6..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):148824
                                                                                                                                                                                                                Entropy (8bit):6.227956523438341
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:C3/HUI6sHHIQq/4x5py8qLlCat4HVOtzNNG0vBxN049K7I:C3H6snI2xzy8qLJ4VqNm49
                                                                                                                                                                                                                MD5:DB2FD51185B0E67449ADF3B7361951FF
                                                                                                                                                                                                                SHA1:77C48ECAC829B649525254AB930FB299E23E6FE9
                                                                                                                                                                                                                SHA-256:2A635EFAD671EC4F740DD41BFE387F947020B036FD92E0D9AFB7B93D2DD3897D
                                                                                                                                                                                                                SHA-512:CB923BB2E348605AF9930709FBEDE1D5F607122B46673DFD76293A28786089338AB2B59E034D23DDF5D0FAB80BDE854C404D6D4FA45E996B39C2CE834A6D49FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................._.......X......X......X................V......V......V......V.R......:....V......Rich...........PE..d.....e.........." ...!.6..........4J....................................................`......................................... ...........<....p.......@..........X)......t.......8...............................@............P...............................text...05.......6.................. ..`.rdata..h....P.......:..............@..@.data....2..........................@....pdata.......@......................@..@_RDATA..\....`......................@..@.rsrc........p......................@..@.reloc..t...........................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\readme.txt

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (469), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1526
                                                                                                                                                                                                                Entropy (8bit):4.8975863014842265
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:LiHua5ye7eI/gzVMRsg7lM527b5X1QnapjLSbZiOsVxompOIW2HT:LnS7eI/gZcy2/NvCbZhsVxxkT2HT
                                                                                                                                                                                                                MD5:11B0A85DCD7045352F71E46D83DE6D7E
                                                                                                                                                                                                                SHA1:77B65E52E20A64441C01C57510DC3D60B33AFA16
                                                                                                                                                                                                                SHA-256:BC661498305746C6DEACBEE301522F7C283566A804184E290481D3B57AF675B1
                                                                                                                                                                                                                SHA-512:8037C0C3DCD6162D4363126DD80E5B7954FF7F06B276B29591FCF35D5592D10174993972854FA416B40324E683E838EDEFE636F35F5D3904C282E433DA5BFD7D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:What is Notepad++?..******************....Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement (https://npp-user-manual.org/docs/other-resources/#notepad-replacement) that supports several programming languages and natural languages. Running in the MS Windows environment, its use is governed by GPL (GNU General Public License).......Why another source code editor?..*******************************....The company I worked for used JEXT (another open source code editor in Java) as the production tool. Due to its poor performance, I began an investigation to find another solution (in C++ instead of in Java) in September 2003. I found Scintilla and built a prototype. This solution was not accepted. I removed the specific part and continued to develop it in my leisure time. On the 25th November 2003 it was made available on Sourceforge, hence the birth of Notepad++.......How to install:..***************....From the installer:...Just

                                                                                                                                                                                                                C:\Program Files\Notepad++\shortcuts.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3156
                                                                                                                                                                                                                Entropy (8bit):4.94472250118282
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:moSQ9lw5lA52S3PNfN01BkdtZaboMk8tZabxi:/+SkXkxi
                                                                                                                                                                                                                MD5:FB573784B83033DD4361F52006D02CB8
                                                                                                                                                                                                                SHA1:0A2923A44EC1BD5E7E8BC7CACE15857AE03BF63C
                                                                                                                                                                                                                SHA-256:37A24662CD55B627807BC2BB7CBBA5BBF2ABAF6DA4DD7BBB949BFAA7903EAE9C
                                                                                                                                                                                                                SHA-512:753B44B5E8BEA858CF5CC5DDFDC38098A2F3F921949CF98706EAD95BDFA1DE7AB0C115E9D69237623A03C422969480204C69D3BA277141527458C68230D0C67C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <InternalCommands />.... .. You can organize you Macro menu & Run menu by adding the attribute 'FolderName="My sub-menu name"' to any Macro or Command node... This will place the corresponding node within a "My sub-menu name" sub-menu in the appropriate menu. Please consider the following examples:.. -->.. <Macros>.. .. <Macro name="aa" Ctrl="no" Alt="no" Shift="no" Key="0">.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="A" />.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="A" />.. </Macro>.. <Macro name="az" Ctrl="no" Alt="no" Shift="no" Key="0" FolderName="words">.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="a" />.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="z" />.. </Macro>.. <Macro name="qw" Ctrl="no" Alt="no" Shift="no" Key="0" FolderName="w

                                                                                                                                                                                                                C:\Program Files\Notepad++\stylers.model.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):220889
                                                                                                                                                                                                                Entropy (8bit):4.854743969891897
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:NM7D8VpozibLr9R89BJQ0gYMm7/yyUaps0zShoBeVenvM1yvhcvroeLyZelLcRXA:NMY0BJfBps0z2XenudyZelgRXUMgNr
                                                                                                                                                                                                                MD5:B5BE23977004D53EB0D7ADD0074C52BB
                                                                                                                                                                                                                SHA1:8B5E788110633D685289143B7B867EA3F1FB1713
                                                                                                                                                                                                                SHA-256:BB0F9764134B310E4D1D627A7F4BDE29857AB98AB01967D928BA68DD20A689F1
                                                                                                                                                                                                                SHA-512:F6AEC448DCEE663D60ED25BF692D5B6B7A152041364D3161540B7A095C3BF8EB64DD23CEDA3F7988F31F37962BF85327BA4D7D419B7C998E28FD7C6A5E102033
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. <WordsStyle name="DEFAULT" styleID="11" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="95004A" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="804000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="INSTRUCTION WORD" styleID="5" fgColor="0000FF" bgColor="FFFFFF" fontName="" fontStyle="1" fontSize="" keywordClass="instre1" />.. <WordsStyle name="TYPE WORD" styleID="16" fgColor="8000FF" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="type1" />.. <WordsStyle name="NUMBER" styleID="4" fgColor="FF8000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />..

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Bespin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (469), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):127889
                                                                                                                                                                                                                Entropy (8bit):4.952394945766571
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:LpdMD8cTOdUiVzrLQNOoy5MnDY9ueKXnEx2rolRKhZMBWkK9QMHnj0s7xfDB/fxo:lSD8cTOddFKc2QMHYyK9W6
                                                                                                                                                                                                                MD5:37E7CB7135557C6191064FE46FE32756
                                                                                                                                                                                                                SHA1:F92A87690D0324A03DF4817E937B87E6DACCFC8C
                                                                                                                                                                                                                SHA-256:60BC756537A9005BCFE1829BC81737B07FE096D3593FC3B043A8CBD5EAD90D9C
                                                                                                                                                                                                                SHA-512:112FDD7C1BD6790A92579B63BBCB8D6BC61A4B560CD11284A7D242B654CF0F31440D9B68F7DE015DE04B4807A451A93B7D2BEBD6C5A2AC21CFF4B7411C28BD62
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....Bespin..Copyright (c) 2009 Oren Farhi, Orizen Designs - https://www.orizens.com....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT..HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Black board.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):126455
                                                                                                                                                                                                                Entropy (8bit):4.917664666643355
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:BQHSd9WxEFXMqMlMVMaMxMgMSMAbDTMK7aTbLdUPuQT50bdFbm2McZrFyVCv+MNY:Bpd7VkqNcbTPYbd3MG8ZSNEZ
                                                                                                                                                                                                                MD5:F396FE297B7C04491DBEC7AA1EE752BA
                                                                                                                                                                                                                SHA1:4D0AFD8E3703DDD34956C0CF2B42D2281CC0895B
                                                                                                                                                                                                                SHA-256:D9DFF3F9A80DF9E5BE3CD62E8897452CAF71CF5F6F52B6DE381DEDD176F39E86
                                                                                                                                                                                                                SHA-512:7082C74859D8ACD707A957C78767ACCE342FACAAFD60F01FB44B0306E5305E1953E7AFC25AC5494DC6FBA9FF338F3A6018C44D1FF133166A289E0CDADC2A448D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....Blackboard..Copyright (c) 2008 Fabio Zendhi Nagao <http://zend.lojcomm.com.br/>....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT..HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Choco.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):125223
                                                                                                                                                                                                                Entropy (8bit):4.965100455573036
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:KpdC5UmWgzgATB7QT+fqYU+nI5aDn5UmWgzgATB7QT+fqYU+nI5aDX5Umw0gzgAn:8EvqDvAFtM0tct73m/N36B
                                                                                                                                                                                                                MD5:0EECF5BCAEBDCD574137B698C23D9C18
                                                                                                                                                                                                                SHA1:96AD5958FA88621BB4E5C98FA2D13CB9B0C4E554
                                                                                                                                                                                                                SHA-256:4AAB7361E6649D1D2073BE72BF0F20721BD2B0E70832289D67970491D0EB9F55
                                                                                                                                                                                                                SHA-512:34CF214E69BEC9F541F9D14BCF6DCDE7899EB35A5904C5D1D50491FB19E69CC3614623394DC0AD0CB7A27DEAA120B78BB9386BEED06A45D7C0D80040B472657D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....choco..Copyright (c) 2008 Fabio Zendhi Nagao <http://zend.lojcomm.com.br/>....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT..HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHE

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\DansLeRuSH-Dark.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):143233
                                                                                                                                                                                                                Entropy (8bit):4.924890377728158
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:6QHbdD2me0f2Q55YlG2TWPoTHRH22zonLzdmwDHL61z32U75f6rabl2Al4yq2wDu:6+hzLIG4xWdPEjlf4GaIqbakPDB7Hy
                                                                                                                                                                                                                MD5:ED4754DC0942FD256E54AE50839B96A1
                                                                                                                                                                                                                SHA1:9700633E8C223799B631EA9C92EB9ED9823A4C4A
                                                                                                                                                                                                                SHA-256:0A32500CA28B994FE6A1C38186CE31844601623F3B7212C3AFE22F6C69532734
                                                                                                                                                                                                                SHA-512:A5BE72731488E3EF6A6D493982A5D37512212C099D6E967C6B944D3DEE602039B11750E95D8ECB215BD8D8D2D30E3A22F3241D82C875CC168EBCDFF7D0F41726
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. // DansLeRuSH's dark theme for Notepad++ / Notepad plus plus....[ LEGAL DISCLAIMER ] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"),..to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,..and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions :..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS..FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILI

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\DarkModeDefault.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):220292
                                                                                                                                                                                                                Entropy (8bit):4.895604641827604
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:GJgGbDkpqQDD16Jr/BhbACBsoCgHbDkpNJgGbDkp3JgGbDkp7HcGdwJgGbDIJtJ5:d
                                                                                                                                                                                                                MD5:C2A0048276F3383F61ED4D550D37D004
                                                                                                                                                                                                                SHA1:8A070EE7179E463F149DD8A7679A2E0A859A6CF8
                                                                                                                                                                                                                SHA-256:8B4BFCA8612CDC233A5910EF3307ABC2E811457B46757FF3F3AEC2F9B3DB6424
                                                                                                                                                                                                                SHA-512:ED09FE574BCAB9A0582AB71EBB70380036F7B6F16E116BA101339717669491B5EE526AC5FCA02C27FDC4CEC984B2AE05AC8EC5B3DD49DCDD86CF90DCE846D8BB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..Dark mode default style for Notepad++...This file is based on Zenburn them (zenburn.xml)..License: GPL2..-->..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. <WordsStyle name="DEFAULT" styleID="11" fgColor="DCDCCC" bgColor="3F3F3F" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="EFEF8F" bgColor="3F3F3F" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="FFCFAF" bgColor="3F3F3F" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="INSTRUCTION WORD" styleID="5" fgColor="DFC47D" bgColor="3F3F3F" fontName="" fontStyle="1" fontSize="" keywordClass="instre1" />.. <WordsStyle name="TYPE WORD" styleID="16" fgColor="CEDF99" bgColor="3F3F3F" fontName="" fontStyle="1" fontSize="" keywordClass="type1" />..

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Deep Black.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):126846
                                                                                                                                                                                                                Entropy (8bit):4.833580459680298
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:kPyNxD1ULhLbFYCiCT+0RGG4RLYRmp9KeTW8ZqkmCjUHaMq:iyNxD1ULhLb+CxRP45etO
                                                                                                                                                                                                                MD5:D3C304BB30E4F5F3A99CF71E111E9A38
                                                                                                                                                                                                                SHA1:6CDF6F659E9834C12037598BA0C4B43A9807626B
                                                                                                                                                                                                                SHA-256:2CAF88AEBF75D4214402BA1A85D4C4B684AA9997F0E9659B02808F5CD2605E1A
                                                                                                                                                                                                                SHA-512:950D62D8DFDDFE4E5B7DC5975E25D86585AAAFD08A0DE8FF66444AC07986B9D1DF4BEFAB7508FF521C3CF96CF24A820DD8AADE5BF6260EC576F18C62BE1073E7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..Style Name: Deep Black..Description: Based on the theme Port VibrantInk by tyler..File name: Deep Black.xml..Created by: Mariusz Kasperkiewicz..Released: 28.05.2009..Featured languages: SQL, C, C++, Pascal, PHP, CSS, JavaScript, HTML, XML and others..License: Feel free to modify this style and re-release it. This style is available under the terms of the GNU Free License.....Keep Notepad++ development active, donate!:..https://notepad-plus-plus.org/donate/..-->..<NotepadPlus>.. <LexerStyles>.. <LexerType name="c" desc="C" ext="">.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="C0C0C0" bgColor="000000" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="DEFAULT" styleID="11" fgColor="FFFFFF" bgColor="000000" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="INSTRUCTION WORD" styleID="5" fgColor="FF6600" bgColor="000000"

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Hello Kitty.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):123904
                                                                                                                                                                                                                Entropy (8bit):4.845722319197942
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:Mny0ycCwLzYgjoY9w/yNjHq1pGXkgaBNLYMOHik9lEyk2bQPnyScCwLz/nyScCwe:V35L/ToYajXzePTRQGUV9Uamj8
                                                                                                                                                                                                                MD5:85B2772B870FC2B642414CAC6E5A4DC4
                                                                                                                                                                                                                SHA1:4DE0BB84BEAD9B52FD495ADACCE8A47A625BD71F
                                                                                                                                                                                                                SHA-256:CCE76E2356D041447AFF1C8171584724ECCF2DDF37E7703DE787E0FF32EA0EDA
                                                                                                                                                                                                                SHA-512:E1CE1D50A64CAC6226E4768BBEF7700394F0D734E6ABE6D103CC03D2B1D5F5850C1DE5EFDC524DBFA15A6049EBAC3DECCB5E901C656B99D7A27E8B4DAEC1419F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..Theme name : Hello Kitty..This theme is not complete. If you enhance it, please send it back to me :..<don.h@free.fr>..so your enhanced file can be included in Notepad++ future release........ 2023-09-30: update Perl support... -->..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. <WordsStyle name="DEFAULT" styleID="11" fgColor="000000" bgColor="FFB0FF" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="95004A" bgColor="FFB0FF" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="804000" bgColor="FFB0FF" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="INSTRUCTION WORD" styleID="5" fgColor="0000FF" bgColor="FFB0FF" fontName="" fontStyle="1" fontSize="" keywordClass="instre1" />.. <WordsStyle name="TYPE WORD" styleID=

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\HotFudgeSundae.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (476), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):143178
                                                                                                                                                                                                                Entropy (8bit):4.933567057001134
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:enOj9dHm2ZeedDP1xTy+3EA7+hx28XWgJ94t3YeD9Y9ofnPgBgw9UJJ9297Sysdx:GUdsLenhY1R7SF/Y1b9lwpp
                                                                                                                                                                                                                MD5:0A6EB15EAEA6FDF48D930FC08C2740C1
                                                                                                                                                                                                                SHA1:D7A721E59C1D2DE2A40C25918C676C06C422BCDC
                                                                                                                                                                                                                SHA-256:89615AED4E860FAAD7367327E95EF7999FC2DAD5FDB6E4DD77E5B1B67A0B0B3C
                                                                                                                                                                                                                SHA-512:F31B72C1C575EE35FE6AC597D42E060DCE244485A86268E70942D2B4304D1AF2DB962D3708CA401E05E9414E9316280CF02E1F5606AE7D661736FB89CD52F27F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //..File Name: HotFudgeSundae.xml..Style Name: HotFudgeSundae..Description: HotFudgeSundae theme for Notepad++... Hues from photographs of hot fudge sundaes... Hot fudge, some ice cream peeking out, drizzled with.. caramel, nuts, and sprinkles with a cherry on top...Supported languages: All the languages supported by release 6.7.4..Created by: Paul Neubauer (PaulRNeubauer at gmail dot com)..Released: 4/17/2012..Last Modified: 2/20/2015.. Improved contrast in comments... Added support for CoffeeScript........ 2023-09-30: update Perl support...License: Feel free to modify this theme... This theme is available under the terms of the Creative Commons.. Attribution 3.0 Unported License. You are free to to copy,.. distribute a

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Mono Industrial.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):125601
                                                                                                                                                                                                                Entropy (8bit):4.936277274057021
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:UpdICL61ShMCL61ShSCL61ShMCL61Sh0CL61ShMoX7uCL61ShKCL61ShrCL61Sho:6Wzvz7o7uJG2Kf4H76VRj
                                                                                                                                                                                                                MD5:1D814F3E1CC59814BA79425CAC94576B
                                                                                                                                                                                                                SHA1:ADCB7F4DA146A2D61CF044F13429C5B130CEF9B5
                                                                                                                                                                                                                SHA-256:843D5BD28E3928B572D47E85D23E6312EA703AF2B826B974F1ED7C1837781A6E
                                                                                                                                                                                                                SHA-512:7DC7C45A42C8B4C9790ADD3FC0B39099D82B1A093F3735160949F662EC6E42DDE352E8BFFA30E30406EFAD989CEBC87011098FECE8A5052AE28136918A24D560
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....monoindustrial..Copyright (c) 2008 Fabio Zendhi Nagao <http://zend.lojcomm.com.br/>....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT..HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGE

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Monokai.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):126906
                                                                                                                                                                                                                Entropy (8bit):4.944916516197289
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:OQHSd9WxEFpfgfEfMfYfb0lpbf+f/fQcEvrgfabfHfDEPzlkv2ln2IVra1QUHfyR:OpddIM0gIlRm3WBT2POkBBtPx
                                                                                                                                                                                                                MD5:8E7B53AD83F08531FF06068A714ACF75
                                                                                                                                                                                                                SHA1:0D0C9E8823E2787186EA684DC04D0296FDD35B4A
                                                                                                                                                                                                                SHA-256:29B401B9DD231520AA136455D51E87DD421AB09697EF1571903C8B1EC37E6B9C
                                                                                                                                                                                                                SHA-512:F7E6A8B12DB6B26DCEE478D8160635F315A0FBCA43146D78C9275BAA30C31E783D9A719C336DCB7A3245E963549B218B63E42B1D79DA6A8B1FEC175679C3F539
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....Monokai..Copyright (c) 2008 Fabio Zendhi Nagao <http://zend.lojcomm.com.br/>....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT..HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OT

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\MossyLawn.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):141666
                                                                                                                                                                                                                Entropy (8bit):4.939188686876215
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:VBpiZ153V8MdMm/cwSzRU7H+IXj3VFtxTUie34Tz3Vz3VxqUygadr8hrW8hrV3VF:NOXarWhj+KxykKJQZgdvjvSxWHxfyBh
                                                                                                                                                                                                                MD5:EBDFDC3777D0F889926C7089A423FE13
                                                                                                                                                                                                                SHA1:BDFB23F9C0A467CC9B3C9F3180686405D3B1ADB3
                                                                                                                                                                                                                SHA-256:781826E264A0A0A128C4C0E3B87F2844F777F0368C046335E8C5634FAB1B5C23
                                                                                                                                                                                                                SHA-512:BA4A86DEBC62163F2D8AEFD415634D62A03E8AFE51A9BA171648E6F0C81EE19E805AD0C8EDA8DA14B5D6BC989A24BF6A473F891DC678299FDEBA9BBC6251B89B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //..File Name: MossyLawn.xml..Style Name: MossyLawn..Description: MossyLawn theme for Notepad++... A "natural" theme for NP++.. The hues are taken from photographs of mosses and grasses, with a few .. hues from tree trunks, autumn leaves and flowers added for contrast... The name is a tip of the hat to Terry Pratchett...Supported languages: All the languages supported by release 6.7.4..Created by: Paul Neubauer (PaulRNeubauer at gmail dot com)..Last Modified: 1/14/2015.. Added support for CoffeeScript.\....... Improved contrast for readbility........ 2023-09-30: update Perl support...Released: 4/17/2012..License: Feel free to modify this theme. .. This theme is available under the terms of the Creative Commons.. Attribution 3.0 Unported Lic

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Navajo.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):141490
                                                                                                                                                                                                                Entropy (8bit):4.90362746630265
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:sOM/q53+Vk9Cjsq3K/0Tw11SkeREkyH/2KUfKVHM4SORLadcM/UGsES0xO1:sx/rVFsq97yH24SORLad4h
                                                                                                                                                                                                                MD5:D9C10EC68DFCB52C0792EFC843C26CA3
                                                                                                                                                                                                                SHA1:53C5BE6B7FE009E8E64EB514F001D86029E8BC63
                                                                                                                                                                                                                SHA-256:C7E315FA593EC3F201E3DDCF2D5760971E930BB406B5B5DCADF7801434480534
                                                                                                                                                                                                                SHA-512:14E57E7FE151C1EF939392D3FC81BA3B2A93F86AAB002ACB53402818AD0C0217CF5E82722AD0F47B43D7158A077A3E6AE47E4C92CB683A34920324E92C08CFFD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //..File Name: Navajo.xml..Style Name: Navajo..Description: Navajo theme for Notepad++... Based on navajo.vim by R. Edward Ralston.. Official Navajo home page: http://www.vim.org/scripts/script.php?script_id=190..Supported languages: All the languages supported by release 6.7.4..Created by: Paul Neubauer (PaulRNeubauer at gmail dot com)..Last Modified: 1/14/2015.. Added support for CoffeeScript........ 2023-09-30: update Perl support...Released: 4/17/2012..License: Feel free to modify this theme. .. This theme is available under the terms of the Creative Commons.. Attribution 3.0 Unported License. You are free to to copy,.. distribute and transmit the work, to adapt the work, or to make.. commercial use of the work under the condition that

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Obsidian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):127515
                                                                                                                                                                                                                Entropy (8bit):4.938541905932877
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:HVIIqVIICVIIqVIIEVTVIIZVIIN99vVIIjnVIITVII/:HVIIqVIICVIIqVIIEVTVIIZVIIN99vV3
                                                                                                                                                                                                                MD5:FF9421317686E6B5D8E49C8FE5B15AC9
                                                                                                                                                                                                                SHA1:1D58785E2557F80B8409AEB7CA371324A9B3714F
                                                                                                                                                                                                                SHA-256:918D04795654D20DF99BC55774F23FAEA79C8DBFE2B85E536A327189100DF1FE
                                                                                                                                                                                                                SHA-512:32292D4485C32704ABB021FDADC6D118F107564C5F9E0A1635E84A86783383B09208802755466BEFDBD0F8104C79FF91850D96E14244D40E8AC9E2AD383A3885
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..Notepad++ Custom Style.... Style name: Obsidian v2.. Author: Joni Eskelinen.. Date: 2009-04-06 (last changed 2013-04-23).. Languages: php, html, css, xml, javascript, python, sql, c, c++, .. assembly, bash, batch, lua at least for detail. Everything else more or less..... Info: Inspired by Oblivion theme for gedit......... 2023-09-30: update Perl support... -->..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. <WordsStyle name="DEFAULT" styleID="11" fgColor="E0E2E4" bgColor="293134" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="E0E2E4" bgColor="293134" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="A082BD" bgColor="293134" fontName="" fontStyle="0" fontSize="" />.. <WordsSty

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Plastic Code Wrap.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):127095
                                                                                                                                                                                                                Entropy (8bit):4.949781490965569
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:hpdWTkAzhXQJOPi0DBGgab4tXMdNPwLgCK9+Zjl+47Gt0hj+:vUTkAzhXQJOPir4C/WZdm
                                                                                                                                                                                                                MD5:C3AEBC5E208FCAE7CD0A7678C22871E3
                                                                                                                                                                                                                SHA1:FBEFF496BFB6D5BBB9BB237672B83CCF14CCCE83
                                                                                                                                                                                                                SHA-256:23B0DC47897F1AE85C3F1132A2B28B17FB73885B349FECCAB0DEBEC207893C98
                                                                                                                                                                                                                SHA-512:CCFC00E17507E2EB979A75448BB7FDAD7400232C2883F5EF2CE70389B6B2E087AE3B05D2842CFB802D6E6D5C47CE7D7EDAB64BC98DB5C8AEBDF232AE6C399F43
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....PlasticCodeWrap..Copyright (c) 2008 Fabio Zendhi Nagao <http://zend.lojcomm.com.br/>....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT..HOLDERS BE LIABLE FOR ANY CLAIM, DAMAG

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Ruby Blue.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):106327
                                                                                                                                                                                                                Entropy (8bit):4.918516684585199
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:lzxCaEWqNsf4rpTeqhf1UULPWsj50mt5YLe:WaEWqNsf4rXn/50mvYy
                                                                                                                                                                                                                MD5:EF5EEDA10A24B35EFA2648E1A53DBB86
                                                                                                                                                                                                                SHA1:0BB3B3E633258F87CD3775433F4847C37B84F056
                                                                                                                                                                                                                SHA-256:D660EB8D75C93B66B338692F2AE379DC62F5FC9C9C7A764FDCD14BBC398446B0
                                                                                                                                                                                                                SHA-512:95AC698230DECA2235C189D877D49455FF0E07FDD715B20D2EE0FF33E6626638E345A6674927C938386B984C85872877C3972484CC3A9FDE6397CB06FB4E460E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..Notepad++ Custom stylers..Style name: ..Port Ruby Blue..File name: ...stylers.xml..Created by:...tomsolo (aka tonoslo on sourceforge.net)......http://www.3276.hu..Featured language:.Php, Css, Sql, JavaScript, Html, XML. ..Note: ...If u create other languages with this style please send me the modified styler.xml : tonoslo at users.sourceforge.net (ty!)..Other info:...this style is based on and inspired by Textmate (a Mac source editor, http:/www.textmate.org) user submitted theme:......Ruby Blue theme created by John W. Long, http://wiseheartdesign.com/articles/2006/03/11/ruby-blue-textmate-theme)......Thanks John!......This style available under the terms of the GNU Free License.......Requirements: ...1. The style is based on DejaVu fonts, go to ...http://dejavu.sourceforge.net/wiki/index.php/Main_Page...and grab this font pack and install (use DejaVu Mono)....2. Use Cleartype, for nice smooth font on screen (optional)....3. Notepad 3.5

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Solarized-light.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):142107
                                                                                                                                                                                                                Entropy (8bit):4.950242974297839
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:TENN0C13kB+oEVDbkUTm5sWNbHJKrBZ/U9QplI2:TENN0C13kB+oEVDbkUTm5sWNbHJKrBZ9
                                                                                                                                                                                                                MD5:D3C9825501722E55A18A00E7343E7300
                                                                                                                                                                                                                SHA1:6214364D087F59EC5BA8B6806D821A3435EBD6C7
                                                                                                                                                                                                                SHA-256:624EB205E58AF9440F1EFC4AED34D555F982D2E99CE4EB58C7EE8D0A7AF30C12
                                                                                                                                                                                                                SHA-512:107177E9A0A251938BF7E160FAB9984FFC72F2F0DF4622B9B3FE5869107E7185F0338F27F935EBF360DB64D70285E937FCCCBF2F5294D6247104395B2649B09F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //..File Name: Solarized-light.xml..Style Name: Solarized-light..Description: Solarized theme for Notepad++... Based on Solarized by Ethan Schoonover.. Official Solarized home page: http://ethanschoonover.com/solarized..Commpliance: Nearly complete (see README.txt for exceptions)...Supported languages: All the languages supported by release 6.7.4..Created by: Paul Neubauer (PaulRNeubauer at gmail dot com)..Last Modified: 1/14/2015.. Added support for CoffeeScript........ 2023-09-30: update Perl support...Released: 3/7/2012..License: Feel free to modify this theme. .. This theme is available under the terms of the Creative Commons.. Attribution 3.0 Unported License. You are free to to copy,.. distribute and transmit the work, to adapt the work, or to ma

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Solarized.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):192162
                                                                                                                                                                                                                Entropy (8bit):4.953473938909704
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:bFj4VFD35Xq8VQvJFOrc+QgmVMJKX+dYlHRfIvcalclPqD2:bFj4VFD35Xq8VQvJFOrc+QgmVMJKX+ds
                                                                                                                                                                                                                MD5:9A05DF5E6110D27AD3D338F4536BD877
                                                                                                                                                                                                                SHA1:0FAAF7A992E7B0DF533DFE6E2EEFF91ED7FBB635
                                                                                                                                                                                                                SHA-256:A2221985B7AB9EDCB99CAFFF3413DC0E816FF993FBD55635A3901D72A161BA69
                                                                                                                                                                                                                SHA-512:2F7FDD49E6C72DE4A5F3A7B9DC796B789B0A6D408BB51B0EEBC0F7D08812ED8BA7AFE08AF0E136B9AB6C3BEF450C225F45E760F82D6181E47FCEB710AD805BB5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //..File Name: Solarized.xml..Style Name: Solarized..Description: Solarized theme for Notepad++... Based on Solarized by Ethan Schoonover.. Official Solarized home page: http://ethanschoonover.com/solarized..Commpliance: Nearly complete (see README.txt for exceptions)...Supported languages: All the languages supported by release 6.7.4..Created by: Paul Neubauer (PaulRNeubauer at gmail dot com)..Last Modified: 30 October 2022.. Added support for all of the missing languages (up-to-date with stylers.xml)........ 2023-09-30: update Perl support...Released: 3/7/2012..License: Feel free to modify this theme... This theme is available under the terms of the Creative Commons.. Attribution 3.0 Unported License. You are free to to copy,.. distribute and transmi

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Twilight.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):125430
                                                                                                                                                                                                                Entropy (8bit):4.947809340037929
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:OQHSd9WxEFgaHawaUa/ayOWiIaJaHay9rcng7azrYp4e6Y/E9T23gz4tUZVMa9tZ:Opd8CTBKAWdk4qBDT+p+P+bliJ
                                                                                                                                                                                                                MD5:28B5D1AD4741EE0DC9B77646E8793218
                                                                                                                                                                                                                SHA1:A26568F4DC181FE44757F18A5478DE4243F59E27
                                                                                                                                                                                                                SHA-256:7EBED8E37098BDB0518A35B739B3299B47E8157A9ACB0A7D7807E31C18D84B13
                                                                                                                                                                                                                SHA-512:52FF0B71B508B75CC495454293D35FF50D43908E70A8740A812A382EB3D9C8788D7381C3D938870695F94230092B8E6678A23897C1FF2E9BD6808EB74A2094F9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //....Twilight..Copyright (c) 2008 Fabio Zendhi Nagao <http://zend.lojcomm.com.br/>.. 2011-2014 Renato Silva <br.renatosilva@gmail.com>....Permission is hereby granted, free of charge, to any person..obtaining a copy of this software and associated documentation..files (the "Software"), to deal in the Software without..restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the..Software is furnished to do so, subject to the following..conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES..OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AU

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Vibrant Ink.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):122883
                                                                                                                                                                                                                Entropy (8bit):4.858449835408721
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:QyyEyOeIUtoQhFwCuwTUNRtGTGLYxmpvKUTq8ZKuI4sHapX:QyyEyGUtoQheCKR4TiAvQ
                                                                                                                                                                                                                MD5:5E4AEA1E8581A3EA284FFFAEBD47C31E
                                                                                                                                                                                                                SHA1:7B0DDE22E3373A7F034CFF4F64CD9C9E429117B1
                                                                                                                                                                                                                SHA-256:585AD16F23A439DFBB66B44EFE3C0EDFE2BB33822D5D85CC808C330CEE216C78
                                                                                                                                                                                                                SHA-512:88FA690D1818079A3B58234DE591C1D3D1F09B681E3D871E9DDC733780CADC4A98AFA17814C1C93A5CECCFE3C5E74F0A23F817AA26230DCAC063E1E7AE4B7D1E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..Style Name: Port VibrantInk..Description: Based on the Textmate theme VibrantInk (http://alternateidea.com/blog/articles/2006/01/03/textmate-vibrant-ink-theme-and-prototype-bundle) by Justin Palmer..File name: ...stylers.xml..Created by:...tyler (tyler at impoverishedgourmet.com)..Featured language:.Php, Css, JavaScript, Html, XML, others? ..Note:....Feel free to modify this style and re-release it. Any additions to languages or syntax to bring it closer to VibrantInk would be appreciated........This style available under the terms of the GNU Free License.....Install: copy your installed Notepad++ directory root, overwrite old stylers.xml (backup old file first), ..or copy %APPDATA%\Notepad++\..overwrite old stylers.xml (backup old file first)....Keep Notepad++ development active, donate!:..http://sourceforge.net/donate/index.php?group_id=95717....2007.11.16....... 2023-09-30: update Perl support...-->..<NotepadPlus>.. <LexerStyles>..

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\Zenburn.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):215793
                                                                                                                                                                                                                Entropy (8bit):4.889976939324272
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:RJgGbDkp/QDD16Jr/BhbOSBsoCgHbDkpxJgGbDkpbJgGbDkpLHcGdwJgGbDIJtJ6:C
                                                                                                                                                                                                                MD5:8D5C451AE113C1A00472AFB9C3B9765B
                                                                                                                                                                                                                SHA1:5DE72565951681DD76B2140E66DA7A5204FC0508
                                                                                                                                                                                                                SHA-256:FEE6511FC05B61088CD59F200AE6A7D82F3C7EAA612A59D855F4640AD5841503
                                                                                                                                                                                                                SHA-512:C40E672C2A7C49ABA0063974D675733FDF72458814C7173674A17535444ED15DA157C93C33B2100ADF5D245BCF91F2EB0A98041249FAF5D3CFB96FC86285E4CE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..File name: Zenburn.xml..Style Name: Zenburn..Description: Zenburn-like style for Notepad++... Inspired by the original Zenburn colorscheme for Vim by Jani Nurminen... Official Vim Zenburn home page: http://kippura.org/zenburnpage/..Supported languages: All the languages supported by release 7.7..Created by: Jani Kes.nen (jani dot kesanen gmail com)..Released: 25.06.2019..License: GPL2....... 2023-09-30: update Perl support... -->..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. <WordsStyle name="DEFAULT" styleID="11" fgColor="DCDCCC" bgColor="3F3F3F" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="EFEF8F" bgColor="3F3F3F" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCE

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\khaki.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):141459
                                                                                                                                                                                                                Entropy (8bit):4.860894953789153
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yji63Ri8ti0PkiNtbi2Zciq8oT9W9hmQg5:Gi6Bi8ti0PkiNtbi2Siq809W9hmD5
                                                                                                                                                                                                                MD5:3CA26E284EA654051D2349BC872829B1
                                                                                                                                                                                                                SHA1:F4AB279ACE2A0506CF58B61DD4E384C3B79683E1
                                                                                                                                                                                                                SHA-256:4BB06DA14C57FF60EEC8B122495FD23EE27A74ABC9F963C1E3DA17FC65E6F033
                                                                                                                                                                                                                SHA-512:8FA21A22FD76BB1F195409D740882BFCE16FF391E64B681A6A0671588D3FE6E0FDEEC3B5D271F9D1DA3672799829217A2B216C3B199130B9AD5FE941BA97FCD8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. //..File Name: khaki.xml..Style Name: khaki..Description: khaki theme for Notepad++... Based (moderately closely) on khaki.vim by Frank Baruch.. http://www.vim.org/scripts/script.php?script_id=1987..Supported languages: All the languages supported by release 6.7.4..Created by: Paul Neubauer (PaulRNeubauer at gmail dot com)..Last Modified: 1/14/2015.. Added support for CoffeeScript... ..... 2023-09-30: update Perl support...Released: 4/17/2012..License: Feel free to modify this theme. .. This theme is available under the terms of the Creative Commons.. Attribution 3.0 Unported License. You are free to to copy,.. distribute and transmit the work, to adapt the work, or to make.. commercial use of the work under the condition that you must..

                                                                                                                                                                                                                C:\Program Files\Notepad++\themes\vim Dark Blue.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):123105
                                                                                                                                                                                                                Entropy (8bit):4.831713913232481
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:DsGCZJFqKX6F5Wn0LpsMnS03g8ZGDyjGf+ca2k1ZrAyZHqOxOtypuEQWPG/CEfm3:grSHZyi84BnXRJM3EZ2WfX
                                                                                                                                                                                                                MD5:35E4FFA930AB71E3F5ECDEE63001F475
                                                                                                                                                                                                                SHA1:54B2C02569C4AD3D9C897CF44238A71B6BFFAF6D
                                                                                                                                                                                                                SHA-256:0D11F2C1080A7816AF2D321AEDE7E424C693F8A92A012BEBC0CBCBF744F4C9C9
                                                                                                                                                                                                                SHA-512:C9C8EF035B0F1902DD499B9DBEC9A20BADFF8C7DF41F3013D4D80B1BF2AEC0D25E984854F0861614E86533863BC5BBE0482124EE2EEB71463A67B1075E823391
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. .. <WordsStyle name="DIRECTIVE" styleID="19" fgColor="A001D6" bgColor="000040" fontName="" fontStyle="1" fontSize="" keywordClass="instre2" />.....-->.. <WordsStyle name="DEFAULT" styleID="11" fgColor="FFFFFF" bgColor="000040" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="95004A" bgColor="000040" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="804000" bgColor="000040" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="INSTRUCTION WORD" styleID="5" fgColor="0000FF" bgColor="000040" fontName="" fontStyle="1" fontSize="" keywordClass="instre1" />.. <WordsStyle name="TYPE WORD" styleID="16" fgColor="8000FF" bgColor="000040" fontName="" fontStyle

                                                                                                                                                                                                                C:\Program Files\Notepad++\uninstall.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):278352
                                                                                                                                                                                                                Entropy (8bit):6.7732800263327375
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:CnPdudwD/SIvF68OZGbpYByPT7lyvIcoP5E/XfKRpqf:CnPdmIvk8OvByPHly525E/XSRwf
                                                                                                                                                                                                                MD5:2EE257B23567DDE3750FC54CF60F6B94
                                                                                                                                                                                                                SHA1:C548B583FBD2D696924AFCF179A7302EA0C90E03
                                                                                                                                                                                                                SHA-256:1C3130679D1DD7ED1615D35C4552810D0D7D4579151741D99DDDA639B57580EB
                                                                                                                                                                                                                SHA-512:DD1062ACC924EF9945CA2D1E1CA38EF172CEFA42E328D67FC688EBE08951EF8AC2CB0A01B9F2544E82F8E30F63234A42F9F48BEF1F1028930F13524E6ACE0FC3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...g.d.................h..."......E6............@..................................X....@..........................................`...a..............X)...........................................................................................text....f.......h.................. ..`.rdata..X............l..............@..@.data...x...........................@....ndata...................................rsrc....a...`...b..................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\updater\GUP.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):804696
                                                                                                                                                                                                                Entropy (8bit):6.447184953845478
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:+AstffLBk3Q45wU0/St0Z4j9lAx5ylTxEIyTX+ZY/:Ps9uQ45oyj9lE5yFuTXv/
                                                                                                                                                                                                                MD5:7916289A402842C2AD6D11EC09C31145
                                                                                                                                                                                                                SHA1:5A3FE6D70B2FBCF93D693A53FDF2FCD9BE4B1E91
                                                                                                                                                                                                                SHA-256:1F8C7A202AC9F64EFBEDB420B6160EF4F9852F6FF1AA36ABAA64BFB76B142E15
                                                                                                                                                                                                                SHA-512:F8C76638ECCEBF040315970429FB410D6B4DF4B7128818218049DBB9751B6E12F19BA00CA4746C68FE2ED8D2C24F97EC3DEB84EE88B5ABF50DD997AB3576BB84
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........D...*...*...*...)...*.../.F.*......*.;<...*.;<)..*.;<...*.;</...*...+...*..=+...*...+.N.*..;#..*..;...*.......*..;(...*.Rich..*.........................PE..d......f.........."....(.N..........@..........@.............................`......u.....`..................................................h.......0..........`Z......X)...@.........8.......................(.......@............`...............................text...TL.......N.................. ..`.rdata.......`.......R..............@..@.data....O.......4...l..............@....pdata..`Z.......\..................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\updater\LICENSE

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7804
                                                                                                                                                                                                                Entropy (8bit):4.557034958828881
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:HhKdfuB05iy5ylXFln0LxDvvzDyf1/rKpC:4dfsgi6uD0LlPs
                                                                                                                                                                                                                MD5:8E3494BF8CF1967AFD3B1016FBBE5BB0
                                                                                                                                                                                                                SHA1:B1608ABB6E19EF60F4B9C52F6E05BF81CC97D0C2
                                                                                                                                                                                                                SHA-256:319917F5CCD09878DB6F67C9A77DEE846055644CA49EB535628B9E020A87261E
                                                                                                                                                                                                                SHA-512:11294EFDBF6203801EDFC8C4A55E106E80196AE65BB024359C3D105736251BE5ED7A5A1E802CB492BE112668E1C6A632ECA4CBCF9BE62775A82ADF6E5ECB974E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.. GNU LESSER GENERAL PUBLIC LICENSE.. Version 3, 29 June 2007.... Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed....... This version of the GNU Lesser General Public License incorporates..the terms and conditions of version 3 of the GNU General Public..License, supplemented by the additional permissions listed below..... 0. Additional Definitions. .... As used herein, "this License" refers to version 3 of the GNU Lesser..General Public License, and the "GNU GPL" refers to version 3 of the GNU..General Public License..... "The Library" refers to a covered work governed by this License,..other than an Application or a Combined Work as defined below..... An "Application" is any work that makes use of an interface provided..by the Library, but which is not otherwise based on the Library...Defining a subclass of a class

                                                                                                                                                                                                                C:\Program Files\Notepad++\updater\README.md

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3763
                                                                                                                                                                                                                Entropy (8bit):5.084503904597542
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:BAZqP1bGnhHrgRfF3HjfeDHF7Ml7ktR3aGa8vO:BAsP1buhHrWdjoFdtGB
                                                                                                                                                                                                                MD5:BD0CD75D784913DED2152CD7A182853E
                                                                                                                                                                                                                SHA1:63A9A3231309A4ACDD0C124B518257CC0DDA88EE
                                                                                                                                                                                                                SHA-256:0E7418F89CE1CAD3B24D37F2B599CDF0B9D2E9A2A401D00E2FB9579E900160C8
                                                                                                                                                                                                                SHA-512:67B5905270723F0B84973B6FA4CF0D06CD4FD0E72A877970491273DDEA4D42819D8853134877C564FBA7E3D69C4DF322DA7B5743B24928FA987C9FC20E776D0A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:What is WinGUp for Notepad++?..--------------------------....This project is the fork of [WinGUp](https://github.com/gup4win/wingup)...WinGUp has been built for Notepad++'s need, but keep its functionality generic for being able to be used on any Windows application. With new built-in Plugins Admin in Notepad++, a more specific updater for Notepad++ is necessary. Hence this fork from the original WinGUp.......What is WinGUp?..---------------....WinGUp is a Generic Updater running under Windows environment...The aim of WinGUp is to provide a ready to use and configurable updater..which downloads a update package then installs it. By using cURL library..and TinyXml module, WinGUp is capable to deal with http protocol and process XML data.......Why WinGUp?..-----------....Originally WinGUp was made for the need of Notepad++ (a generic source code editor under MS Windows)...During its conception, the idea came up in my mind: if it can fit Notepad++, it can fit for any Windows program...So

                                                                                                                                                                                                                C:\Program Files\Notepad++\updater\gup.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4608
                                                                                                                                                                                                                Entropy (8bit):5.013974397364661
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:rrxgFDl+72Y+WbPRkrm1+U4YeJS2kG6QrABYUCJ8PYPwJrkFI:rVgFhunzbpka1+UNQo2sBCPwJrkFI
                                                                                                                                                                                                                MD5:ABDE55A0B1CB4A904E622C02F559DCD1
                                                                                                                                                                                                                SHA1:1662F8445A000BBF7C61C40E39266658F169BF13
                                                                                                                                                                                                                SHA-256:92717951AAE89E960B142CEF3D273F104051896A3D527A78CA4A88C22B5216A5
                                                                                                                                                                                                                SHA-512:8FE75FB468F87BE1153A6A0D70C0583A355F355BFE988027C88D154B500E97F2C5241D9557EBB981067205E2F23AD07B6A49C669CD3E94EAA728201173B235A0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" ?>.. .. Copyright 2007 Don HO <don.h@free.fr>..... This file is part of WinGup..... WinGup is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... WinGup is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->..<GUPInput>... optional....It's the current version of your program. WinGup will add "?version=versionNumber" at the end of InfoUrl....This parameter will be ignored if you pass directly your version number to WinGup

                                                                                                                                                                                                                C:\Program Files\Notepad++\updater\libcurl.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):749912
                                                                                                                                                                                                                Entropy (8bit):6.4648618355760545
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:lqZhAyY6tL3xCIeCPZcxBbRe0njw7K8r23faxadouA49Y2Qey:lq/AItL3JeCPZcxXeRifajuAIYC
                                                                                                                                                                                                                MD5:E72D7269F3CD90E7EB346475DEA5F869
                                                                                                                                                                                                                SHA1:E8048E03055A167CDCAD6FF5647B0F8A5B34023E
                                                                                                                                                                                                                SHA-256:F8BFC09C5DF142DEF4A7873D69F22C2CB77CE37790F1084EED86E2F4442ABDD9
                                                                                                                                                                                                                SHA-512:343BCF2A2E0C9B34FD28501751D7F4929C35DDAC4C49CC8C47BAA836AD05659B750B1045F8E215D37FC14F22F00B066E317827B939163E74F0A756AF07E56191
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................:...............A>g....A>.....A>.....A>........O.........q=..'...q=.....q=e....q=.....Rich............PE..d......e.........." ...'.Z................................................................`......................................................................f...H..X)......(...................................P...@............p..@............................text...PY.......Z.................. ..`.rdata...4...p...6...^..............@..@.data...xH.......4..................@....pdata...f.......h..................@..@_RDATA.......p.......0..............@..@.rsrc................2..............@..@.reloc..(............6..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files\Notepad++\updater\updater.ico

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 5 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):133872
                                                                                                                                                                                                                Entropy (8bit):5.997100269902781
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:KZGjXpoGoByXPQs2UTXQ8yb7aFcPiSIvF68fJx:KZGbpYByPT7lyvIcqSIvF68fn
                                                                                                                                                                                                                MD5:4550BD860351F6A78C739DB8A37384DC
                                                                                                                                                                                                                SHA1:B09E179B906D8477BEEE211724921E05D0126B41
                                                                                                                                                                                                                SHA-256:FB40C912B218A71BD7BC1AEEF5530165DF60D0B4F896929F989B8FF37A98D459
                                                                                                                                                                                                                SHA-512:29729D0244192370D6FB6D8B7243E4610CBDCEA52FF69805B16F019B9E0B570EA71A0F1773BCC0B13BA39252CB201F2A12B473C2C1FE17B16F475261B723E032
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............ .....V......... .(.......00.... ..%..8... .... ............... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y.\Wu...{.S..C..y.eK6.,c......\......e.p. ...!@.nnB...!.p.....m..@.dcl.A.5X...j..cu.\....QCWU.dYR.$...).......Z{..Z.....,`..X......,`..X......,`..X.K..l.`./.twww.c....1!..1..F).R..("..Q...............^.XP..8etuu9..J........Dd5.T).....RXk.F.R.T..a..0P..>....x0.|......,`..8I...tk...1...q...q]W.1.8N........i|o.sO.c~g...6m.....\.`.,.E...'.8...._.~...^.Zc......Zk.....k......E.'K........ht..'..y.....l.`...z{{W.....f?.....u..W..I.4>...,.c...t.....P0.<.b.....y......`./.T*.........MD~_D..M;yM....p]...vb...h.p8..y.......[.L..j./.............y./.,...8!.....t......\Q.g@D..b...........Y.z.}}}.n.S.2G....g.....X,6f..`.}x......}s:.)......T*.'''.....i.W[kM.._.....[...E.7.~.:.-[..e.X.t).....<.....c............~.R.T.O.u..%K.xA.,`..H$.vc......}-..8.\.........[%.....V|....f}../""###..o.[...HOOOS.5K.l._8..d..xY...{E0...1.<[

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Sep 17 14:17:16 2024, mtime=Fri Oct 11 17:35:37 2024, atime=Tue Sep 17 14:17:16 2024, length=8487768, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):877
                                                                                                                                                                                                                Entropy (8bit):4.55498485810596
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:8mkstu20YXTKh9iFbdpF4wXo8RKPATS6BlyPxOjAKlATbdp52PwEMbdp55OxMxZS:8mksndU8MYTbyZyAvdH2oxdH5OGfBm
                                                                                                                                                                                                                MD5:4376AB2B3A55E1992C956F4A955BCAA5
                                                                                                                                                                                                                SHA1:5E258FD3A2C3BFF268875A99D5B9770B2EDCC2E8
                                                                                                                                                                                                                SHA-256:CF29C04FA405DACC54DA2D7A1CFC1A664F0BC4FA7E12AA21928C495340DE15A8
                                                                                                                                                                                                                SHA-512:885B53A70DDE6E2AC8A6B239762766DFBA9F0C4F4A8A14C6750B5BA6DA9200054AB9A3FAD4971444ADC88665FAE5ECBAB770237FAD3D9193147A7A1E2997F681
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:L..................F.... ...........o.]...........X............................P.O. .:i.....+00.../C:\.....................1.....KYZ...PROGRA~1..t......O.IKYZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....\.1.....KY\...NOTEPA~1..D......KYZ.KYa.....I......................$..N.o.t.e.p.a.d.+.+.....h.2.X...1Y(z .NOTEPA~1.EXE..L......1Y(zKYs.....\C........................n.o.t.e.p.a.d.+.+...e.x.e.......W...............-.......V..............e.....C:\Program Files\Notepad++\notepad++.exe..4.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.o.t.e.p.a.d.+.+.\.n.o.t.e.p.a.d.+.+...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.N.o.t.e.p.a.d.+.+.`.......X.......910646...........hT..CrF.f4... ..........,.......hT..CrF.f4... ..........,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_notepad++.exe_55aa45bfb9b4d7aedc87cfe142b6c8daa6acdac_b7b7239a_63e17a0f-b677-4e2d-b548-14bb6fca41c4\Report.wer

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                Entropy (8bit):1.1556340259387496
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:CK010Hh7dYIBdgiLLFbi0VEh3n2V2mjJTMkBCMEzuiFTZ24lO8/02u:GKBCi/BpVEh3QjTOzuiFTY4lO8k
                                                                                                                                                                                                                MD5:3759E43988E66A1ECF983BDA752794BD
                                                                                                                                                                                                                SHA1:DECF4C2DD9E12DF90DD938C6A2FC5D3F62B756C8
                                                                                                                                                                                                                SHA-256:D2D94C9CE9DC8E4438DCA0620368218140318EA3DAD283E241914520C2AD9233
                                                                                                                                                                                                                SHA-512:D484DBE7D33ABB8ABAB9A08027ED9E5B4986D5E2A0ED519E117B591F692C004318264ECF02D9FE1AFD9EB9D54114B8B76205F934078C95CB8D5F9947345C8942
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.4.5.3.1.8.0.4.2.3.7.9.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.4.5.3.1.8.5.8.9.2.4.3.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.3.e.1.7.a.0.f.-.b.6.7.7.-.4.e.2.d.-.b.5.4.8.-.1.4.b.b.6.f.c.a.4.1.c.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.6.8.7.4.f.b.6.-.e.7.1.6.-.4.8.7.3.-.8.1.b.c.-.4.3.2.5.7.3.1.8.f.d.d.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.n.o.t.e.p.a.d.+.+...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.n.o.t.e.p.a.d.+.+...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.4.0.-.0.0.0.1.-.0.0.1.4.-.2.3.d.0.-.9.6.4.7.0.c.1.c.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.e.6.2.d.0.e.6.7.a.8.b.2.2.1.2.0.3.4.d.6.b.2.6.7.2.8.1.4.c.a.0.0.0.0.0.9.0.4.!.0.0.0.0.1.b.d.4.0.8.4.5.3.a.e.2.9.9.3.8.5.a.b.0.b.0.9.e.d.c.8.4.3.1.2.a.8.3.7.9.1.5.6.a.!.n.o.t.e.p.a.d.+.+...

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER8889.tmp.dmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                File Type:Mini DuMP crash report, 15 streams, Fri Oct 11 18:35:18 2024, 0x1205a4 type
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):169988
                                                                                                                                                                                                                Entropy (8bit):1.5734621834758715
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:r6JCKq06oWdgMvI3Iysc1Qe10sDQ7QbfuVnhhpCyFidvcv5z0peCd:cCBN/dlvI3IYQN774fuVL/idUxWN
                                                                                                                                                                                                                MD5:54A3C64DE6FB097D6956BA9C154914C7
                                                                                                                                                                                                                SHA1:9AF35E39F03A7B8A558B01C66B817FE329DBA211
                                                                                                                                                                                                                SHA-256:5CD5C1AE779125CB7EC4A86847BC75EE32772B2D34883B73F6AB0FEE058D835B
                                                                                                                                                                                                                SHA-512:A37A110221C0E3ED05589B405FC405434BCC842891BF84CA8E993ED4A567245308E0396E0CA27F20960BFE4862C4216753859F00BFC9E16B70313503CDD4C470
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MDMP..a..... ........o.g......................... ..........l...x)..........:k..........`.......8...........T............<...[...........)...........+..............................................................................eJ......h,......Lw......................T.......@....o.g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER89E2.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10176
                                                                                                                                                                                                                Entropy (8bit):3.7176005805709265
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:R6l7wVeJ4tW36Y5SngmflVUOfpru89bBEZfjDrm:R6lXJ736YMngmfUOFB6f6
                                                                                                                                                                                                                MD5:255FB9ECC0A48E6B4AE679236803C040
                                                                                                                                                                                                                SHA1:2D4CE7502E2635F5CE61B949BA6F092515E6399A
                                                                                                                                                                                                                SHA-256:52A428142C8EFFB32C40072C04641FB3D3124313D07C20F3EE55CD5BF91D6063
                                                                                                                                                                                                                SHA-512:42E87A8A442C4DD6F72BE80B87A1F89C4BB764A98889202006A096EEDD645A30BCCF1CC353969765E82665672C0DBE8290E7B55DF6CB97658302152A77195B6B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.9.7.6.<./.P.i.

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A12.tmp.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4707
                                                                                                                                                                                                                Entropy (8bit):4.461077053485289
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cvIwWl8zsaJg771I9QbWpW8VYx5Ym8M4J9TFIogoyq85ZgDaba0d:uIjfoI7vq7VrJ/L7aba0d
                                                                                                                                                                                                                MD5:A42DAE9F5865908C536E247F7C48FF13
                                                                                                                                                                                                                SHA1:DD4C8E506294E974BABCB697412B623CEFB81D51
                                                                                                                                                                                                                SHA-256:09604364A4938A34D80882456EDA4EF186A1CE9FD6B8DDB57ACC85FB409FEEA3
                                                                                                                                                                                                                SHA-512:B33EE5BC574C9DFFDE5F26B3A908299226BABF2C3C9B587AA816187DA90A0A712D9F2066263A1B8D3A6135A72720D9DE7E3EC27E16A2C338F14D580B023F47C2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="539137" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\updater\GUP.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6637056
                                                                                                                                                                                                                Entropy (8bit):7.989394973427714
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:196608:y5FUQ8WzTSAlaLIqzCWI6z12SPpkv5xGbAWqcwAr:y5FUFotaM4CWI6z1jSgAfcwAr
                                                                                                                                                                                                                MD5:AA25B8D9BF2D7095F76D0BA6568785B1
                                                                                                                                                                                                                SHA1:68B328D7B24F3C8234CFF383944BD8C545B1FC27
                                                                                                                                                                                                                SHA-256:23D8E9BDE3D08DF26626AF9978A09F8837D7162FD1ACCF563248D0EEF89006FE
                                                                                                                                                                                                                SHA-512:69788652683E7DE01C9DA3901754DEB5222D5E2D82AACAEBD5DBCE10531A2C6A0E38C23984A3F13167B073A42EB27C6AAEE8674D2DB0D5A57DC71A175D1B1633
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...g.d.................h..."......E6............@...................................e...@..........................................`...a............e.X)...........................................................................................text....f.......h.................. ..`.rdata..X............l..............@..@.data...x...........................@....ndata...................................rsrc....a...`...b..................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd8260.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26038523
                                                                                                                                                                                                                Entropy (8bit):6.720310037405468
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:196608:7ZVm/OkKe5LL+YnqS9EbEC5cxQQd6qSUXNxdtPQSCTew4VTKM5c6Sav5k:7uOkKlKt9+EIcxQeNdPEVCTBVv5
                                                                                                                                                                                                                MD5:DEE488C08FF6A2031858CBF6E6BD9019
                                                                                                                                                                                                                SHA1:1C9106E649EB545C11D407805D60DAF2FC88104B
                                                                                                                                                                                                                SHA-256:65B9AFE38EBF394ECBC24924DF827E970FEE977ADB2912A6C53379524F843567
                                                                                                                                                                                                                SHA-512:7B31C02412142C93574EB2A783D2004E8C03A63BDAA52416332E6A2CD887FF9EA17B5C9C54D137AE448354F015AB4A5735E734684FB6AE8BC9FB027C127AFFA6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.g......,.......,.......|....-..............:....f..........................C...........................j............-..................e-......n...........................................................................................................................................6...9............F..................................................................f...............................................................g...............................................................h...............&.......................................................[.......................................................j.......'...,...........................................................................................................................:...............................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\InstallOptions.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15872
                                                                                                                                                                                                                Entropy (8bit):5.471472713414473
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
                                                                                                                                                                                                                MD5:D095B082B7C5BA4665D40D9C5042AF6D
                                                                                                                                                                                                                SHA1:2220277304AF105CA6C56219F56F04E894B28D27
                                                                                                                                                                                                                SHA-256:B2091205E225FC07DAF1101218C64CE62A4690CACAC9C3D0644D12E93E4C213C
                                                                                                                                                                                                                SHA-512:61FB5CF84028437D8A63D0FDA53D9FE0F521D8FE04E96853A5B7A22050C4C4FB5528FF0CDBB3AE6BC74A5033563FC417FC7537E4778227C9FD6633AE844C47D9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.px.q.+.q.+.q.+.q.+[q.+.~C+.q.+^R.+.q.+^R/+.q.+.w.+.q.+.Q.+.q.+Rich.q.+........PE..L...O.d...........!.........`.......+.......0............................................@..........................8......X1..................................X....................................................0..X............................text............................... ..`.rdata..G....0......."..............@..@.data...DL...@.......,..............@....rsrc................6..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\LangDLL.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                                                Entropy (8bit):3.81833601044378
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
                                                                                                                                                                                                                MD5:50016010FB0D8DB2BC4CD258CEB43BE5
                                                                                                                                                                                                                SHA1:44BA95EE12E69DA72478CF358C93533A9C7A01DC
                                                                                                                                                                                                                SHA-256:32230128C18574C1E860DFE4B17FE0334F685740E27BC182E0D525A8948C9C2E
                                                                                                                                                                                                                SHA-512:ED4CF49F756FBF673449DCA20E63DCE6D3A612B61F294EFC9C3CCEBEFFA6A1372667932468816D3A7AFDB7E5A652760689D8C6D3F331CEDEE7247404C879A233
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................>..........:..........Rich..........................PE..L...P.d...........!........."......?........ ...............................p............@.........................`"..I...\ ..P....P..`....................`....................................................... ..\............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...`....P......................@..@.reloc..`....`......................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\System.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):5.805604762622714
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
                                                                                                                                                                                                                MD5:4ADD245D4BA34B04F213409BFE504C07
                                                                                                                                                                                                                SHA1:EF756D6581D70E87D58CC4982E3F4D18E0EA5B09
                                                                                                                                                                                                                SHA-256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
                                                                                                                                                                                                                SHA-512:1BD260CABE5EA3CEFBBC675162F30092AB157893510F45A1B571489E03EBB2903C55F64F89812754D3FE03C8F10012B8078D1261A7E73AC1F87C82F714BCE03D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L...S.d...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\UserInfo.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                Entropy (8bit):3.3417962237544945
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:qKYHC+J4apHT1wH8l9QcXygHg0ZShMmj3jkRTbGr7X:5piRzuHOXTA0H6jkRnGr7X
                                                                                                                                                                                                                MD5:D458B8251443536E4A334147E0170E95
                                                                                                                                                                                                                SHA1:BA8D4D580F1BC0BB2EAA8B9B02EE9E91B8B50FC3
                                                                                                                                                                                                                SHA-256:4913D4CCCF84CD0534069107CFF3E8E2F427160CAD841547DB9019310AC86CC7
                                                                                                                                                                                                                SHA-512:6FF523A74C3670B8B5CD92F62DCC6EA50B65A5D0D6E67EE1079BDB8A623B27DD10B9036A41AA8EC928200C85323C1A1F3B5C0948B59C0671DE183617B65A96B1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L...T.d...........!................~........ ...............................P............@.........................@"......l ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...h....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\bulgarian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3096
                                                                                                                                                                                                                Entropy (8bit):5.674854328649073
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:w/vxgWk0zUT0zxk0g7O0zt0zG0PbE2GQUD0zSAW:w/pgWkmUTmTmtmG4E2PQmSn
                                                                                                                                                                                                                MD5:235793F11C5F2C5F4A3B2513601F1FE9
                                                                                                                                                                                                                SHA1:D51726AA405DD04A2196BAC9475DB8144C7E036A
                                                                                                                                                                                                                SHA-256:D4D64776A751931F7C465F6C13B1B4DEA6F27DDA06AE90E34127EDF8A33EBDA2
                                                                                                                                                                                                                SHA-512:EB829FEA56BA72DA96F25ACD6235311A9AACA711B4229473B5DCB510CB923F93F9B4CC85D6C63753CE25B6D1950F75863479B2A45F998E614ECC9DBD7192A664
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ========================================== [ Bulgarian localization ] ===\..|..| Translators:.....: 2023.yyyy . Rusi Dimitrov;..| Last revision:...: 01.07.2024 by Rusi Dimitrov <npp[at]rdd.anonaddy.com>..|..\========================================================================== -->.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should hav

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\catalan.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1418
                                                                                                                                                                                                                Entropy (8bit):5.2886005682441795
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dqrO3SAybykOkHbCTbVfIQHWRYNEN6vOLToNfJVOLWoNdevoNwtsoNkbYjjNBMe:cqqSnbyAHg2R+vOLTOOLWeev9uhUjnMe
                                                                                                                                                                                                                MD5:A91DC3C39B0B52E500FE25D2BC362DCE
                                                                                                                                                                                                                SHA1:A27849E4280BF3D5268D68CC06291B9F2DCB445B
                                                                                                                                                                                                                SHA-256:F8D007309E59318C637897296AF82A3F49CDE999ED10DF42EE91170BCF1833F5
                                                                                                                                                                                                                SHA-512:8AEF9F71C25EA20DF944B5D311B0F2650D00417BAAD81E81030E85CDA4CCE0C8EE06DBC5D7E66BA01DF612C93849B3E361BE40D115FE9F25E8EE5C87C8CECFD5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2015 Adolfo Jayme Barrientos <fitojb@ubuntu.com>..... This file is part of GUP..... GUP is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Catal.">...<PopupMessages>....<MSGID_NOUPDATE content="No hi ha cap actualitzaci. disponible." />....<MSGID_UPDATEAVAILABLE cont

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\corsican.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2780
                                                                                                                                                                                                                Entropy (8bit):5.4786454056809335
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2ZhKK1RAoRbBpEWa6kTtQ39i6v+32fN2fsihl/hUAjGmqlGzpfnLeaZ:xvxge/3kTN6vnO/UAjGTUtLjuihB5h
                                                                                                                                                                                                                MD5:A0B103552C6A98BDD01E4086C5FCE876
                                                                                                                                                                                                                SHA1:8B679863C5DFCC8279140F494DD193A2B368A8DA
                                                                                                                                                                                                                SHA-256:5EB871098F7DEB06079E3D43C0D4CB15C70C376FEFAE2471DC2884BFBE928693
                                                                                                                                                                                                                SHA-512:867B64BAF6716469B8870C1ED5FECB90040666B955FB21F28944F182A1D4EEAC14D4AD13A236A473DAA3632E351829EA41B8ED8E4B5324C9E7ED674E4E186B79
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->.... .. History of Corsican translation for wingup:....- Updated on June 29th, 2024 for version 5.2.9 by Patriccollu di Santa Maria

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\croatian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2381
                                                                                                                                                                                                                Entropy (8bit):5.506498821618187
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c8wZSvbyAHg2RG52wL2Rf2fXr2f3rXj7hXsCkpGzLiUpdCK9/k96YzM8C9J7FMe:rvxgV5f2yw1Xs0P5cK9/hx8e7b
                                                                                                                                                                                                                MD5:DBDCF3206D034E3D0873D5EC125330AA
                                                                                                                                                                                                                SHA1:C98F9F5C108F59CBF339AECC2AC569159B2CC831
                                                                                                                                                                                                                SHA-256:404189C6EA9BB06E036F89DF6FA53CD66530B5879BD5E3092015FB46A1AA33E0
                                                                                                                                                                                                                SHA-512:D6E7EEE10551F64E62C96114F9A1E292A66E48A091B348F86E02BABBC5DE50E6EA41E05A114DE8B3880E332F128D2461999DCBA1CFF2C850C21BB987FED7643F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Updated 30 June 2024 by Elvis Gambira.a (el.gambo@gmail.com)..-->.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Hrvatski" version="5.2.9">...<Po

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\czech.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2453
                                                                                                                                                                                                                Entropy (8bit):5.598885633607316
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:csygHHSvbyAHg2RPJMwd42fS2f9w27hzXTKNGz8Dmz5T9Uk2e9s0BMe:QKyvxg+ZRvR1V9Lrv
                                                                                                                                                                                                                MD5:4C3A7E151D5D0D8703BB72327286B226
                                                                                                                                                                                                                SHA1:84943AF8E21E3CFF4AD202E67796886D5A51D712
                                                                                                                                                                                                                SHA-256:6FA0E6A15EBC8E602C6C184C8A650E48B1691DB29752A6B7C34AD772A76FBA6D
                                                                                                                                                                                                                SHA-512:20591DB73257A246690BE09E02A60FA1EDDD98874334E996D08E9D84C703F70CDE1FB9F037D46430313232BD369BF6332F191A68275B1B7B271308A798103FC2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ...- last change: 24/Feb/2023 by Ond.ej M.ller (mullero@email.cz)...- translation contributors: Ond.ej M.ller (mullero@email.cz), ..-->.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is op

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\english.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2218
                                                                                                                                                                                                                Entropy (8bit):5.374148891601064
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RsgkCWZ2fv2fxrQLAFhT8GznEb9kcrajZnHyMe:xvxglg9MnfvH4
                                                                                                                                                                                                                MD5:FCAF7DFE138712FA28F9C65B2F67C9FC
                                                                                                                                                                                                                SHA1:3C5219A3A7629080B2E430D9D703257739ECA3E6
                                                                                                                                                                                                                SHA-256:87662EE483FAE9725FA253538C0DA2C2FD862DCAB5140AFC769BDC8155D61AAF
                                                                                                                                                                                                                SHA-512:633657C4E25B209812B56EE8EC65B6DC72917899443DE6038308F73872177FD321B160FB6C366CD3486E5CF84A698B50BBA06B8C32ABB7E07723257DBDDFED31
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="English" version="5.1.3">...<PopupMessages>....<MSGID_UPDATETITLE content="Notepad++ Update Available" />....<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\french.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2411
                                                                                                                                                                                                                Entropy (8bit):5.522221017467411
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cCSvbyAHg2RqDxbgFNm2fzw2f7ea9gaOh8CqGzvtp3FS83g9Cr7SITMe:kvxgHWvzZCmQrZbFld
                                                                                                                                                                                                                MD5:6B7D4873196FDE66B65009D68FF09307
                                                                                                                                                                                                                SHA1:C298A735738F46F4B7088C1F85B6CA84C65886CD
                                                                                                                                                                                                                SHA-256:FB77AB5B40AD2B639542D1EEAC06855534922C62323B29120D151C3C5EA69706
                                                                                                                                                                                                                SHA-512:EB2766734DACFA5CE57107E835DE93036D7F9485C68C90BF038253193E51C239C4F40CEB491AD4177E42881720E26C10A0CA13D5997EE715D9391355B8F41C13
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2024 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="fran.ais" version="5.3.0">...<PopupMessages>....<MSGID_UPDATETITLE content="Mise . jour de Notepad++"/>....<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\galician.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2280
                                                                                                                                                                                                                Entropy (8bit):5.485083628987669
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cCSvbyAHg2RUjQ3yV2fzP2fkr6oEnhjUwGz+1IQSwOG9lHVXnBd/Me:kvxgvwzskQjySqw1Rdh
                                                                                                                                                                                                                MD5:4F38E7C6E80D1247B0C303F8359D5566
                                                                                                                                                                                                                SHA1:E222BB938EE3F026A85B01A383E66C3D988154C6
                                                                                                                                                                                                                SHA-256:759DB6548E616DF97FC30F3BD186DB57196C53359F0AD30CBC063764A90F75E3
                                                                                                                                                                                                                SHA-512:B928859A785131C88CFC1B877D1FBF7FEDA69CBB2DE2FBA9A4B8D1934EC062D3E5E6CFA7BFE4E0A6088D57F5B5FEC82C039B6BDF6ED516B4501E2652BA2EFF43
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2024 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Galician" version="5.3.0">...<PopupMessages>....<MSGID_UPDATETITLE content="Actualizador Notepad++"/>....<MSGI

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\german.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3667
                                                                                                                                                                                                                Entropy (8bit):5.459809296440984
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:uvxgT6XQLYRFY3CFfkhCBu8i9/V+TD83UHNcWH5t:upgT6XQLYR5WkBu8IV+TA3UHNcWZt
                                                                                                                                                                                                                MD5:70A26C53DF607C0B6ABD99134485E4A3
                                                                                                                                                                                                                SHA1:9EAF8B766C17A7C28D04A648C1280F3A1B8FC530
                                                                                                                                                                                                                SHA-256:AD0DDE4CA73DAEF016C07FDD3ACFAD4576C7BB16B24910A74392EE71FA2A45D4
                                                                                                                                                                                                                SHA-512:6AF0959CD05F94F2E3CECC0BAACFB7755D03A9A0AD792E01EDBD7E89B31C51E0ACFDF5407430E9E78C63D456D84BCC223B3991BAC0C0FE3D8B0E83A249BBD8C5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>.... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name = "Deutsch" version="5.1.3>...<PopupMessages>...... <MSGID_UPDATETITLE content="Notepad++ Update Available"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\indonesian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2043
                                                                                                                                                                                                                Entropy (8bit):5.383463751489097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RuS2f/YT2fBQojGzdJcakFz9qXiAJ6WMe:xvxgJv/YYyzxP7iC
                                                                                                                                                                                                                MD5:E24A747CD51C67FACA295C0E7BDA1265
                                                                                                                                                                                                                SHA1:07F10EF5491D1A65DDAC6B43FCF74F86622EF513
                                                                                                                                                                                                                SHA-256:A619C8328280D5B434C00F11B83C0A557A316CC9CB2616264AEC6061E9121649
                                                                                                                                                                                                                SHA-512:B1AA9A6E1C798F9A51560AD2C6D5E426D3CC418F0F78B42F4B3DF4C7F118BC0F6B6418ACC6F6F0245D8758B238F054B93DE59A99C46151751849C1033D42C5C9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Indonesian" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Sebuah paket pembaruan terse

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\italian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2279
                                                                                                                                                                                                                Entropy (8bit):5.396170622122861
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RlSghqD92f/3t2fBQ9WXuFhUn7TGzbIaUKKaep9jTBZSSKMe:xvxgdgr/+yHU7a/NLoBA
                                                                                                                                                                                                                MD5:5271A99237BB7479F637F861ACDE7882
                                                                                                                                                                                                                SHA1:87B8DEE2D8999F70E496E4DE69C038D4E7E8E487
                                                                                                                                                                                                                SHA-256:2968E841018FDB4A943C1546F35646EDC13FEDACBFA75EB2957C0F5BAC974C05
                                                                                                                                                                                                                SHA-512:5D9720A09FC840185FD7BF8D3E1F92679D179197CE051DBBC261C2FD5C62FDFE3332C4B58C495F7ACCD9BC64C6C2E61F6CA52FA12F228C08F067DCCE5D8ECE40
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Italian" version="5.1.3">...<PopupMessages>....<MSGID_UPDATETITLE content="Aggiornamento Notepad++" />....<MSG

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\japanese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2584
                                                                                                                                                                                                                Entropy (8bit):6.090009289309272
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cwOJSvbyAHg2RxJVqnPGI82fcu2flubZ6XKhGGGXFGzNUTU7bCXrQ995G52dLPrZ:xvxgGJahuzUe0ygWc511
                                                                                                                                                                                                                MD5:67D5B6873F4ECE7768FEFD0A8DF1E98F
                                                                                                                                                                                                                SHA1:07F27DC8BCB835FB4A3D7BD1F5FBECCE31F9E197
                                                                                                                                                                                                                SHA-256:8CDEED3B3DA55D4BF3433B23AFA772A3242A16C3A139BCAA849F792A67D80BDD
                                                                                                                                                                                                                SHA-512:6D7E0B61DCD7156BB039FB006C42D5CCBA8A09C85378BD7FE7948F78DF6A833BA5DD905C10A78F27077791273A30FAE3CE6F21DAA5AC9770DD6D4C30629E3A4F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>.. Copyright 2023 MISE Yasuhiro.... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Japanese" version="5.2.9">...<PopupMessages>....<MSGID_UPDATETITLE content="N

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\norwegian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2377
                                                                                                                                                                                                                Entropy (8bit):5.452519595235615
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg21kpi+uJC2fMhl2f7SlBfIehDRqUGzJ6xOHJ390DMmfA4hWMe:xvxgJktrQDgbsxORZ4hk
                                                                                                                                                                                                                MD5:E52A96D15503AC64DABA1900DA2466F8
                                                                                                                                                                                                                SHA1:F30FDB811699A1333C8883F80A1CDBD2EE95C3A4
                                                                                                                                                                                                                SHA-256:7A020AB42187D58B3378CCA67BE82247B2DCD3A877D643C4E35B5A61D4E6F7C1
                                                                                                                                                                                                                SHA-512:B3EEFA76CAED2EA3C4FEA9A949EF7E04F20AA8E860C087E7BC283BA0D8210444A17FBB33BCE321B909D8C9AA7EED8202651DEBCDFD9FD2D3E77CFA180FF5893A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->.. Translated by Njardarheim-1337 (njardarheim@protonmail.com) -->....<GUP_NativeLangue name="Norwegian" version="5.3.0">...<PopupMess

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\portuguese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2118
                                                                                                                                                                                                                Entropy (8bit):5.430676639243166
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2R+oFXp2f92fBh6wGz74jGaKa9qQe51YSuwuMe:xvxg5eS+yv3tbu
                                                                                                                                                                                                                MD5:BE987CF4FA7B3B7B92435101DF147B71
                                                                                                                                                                                                                SHA1:40521C5F2E26556C14CC6EB0D9A2667ADF5DCFE6
                                                                                                                                                                                                                SHA-256:EAC35C9AFE2BCBF750113C55E44369E7765DA8B277924C6555E6022ED328A40F
                                                                                                                                                                                                                SHA-512:CC90150AFDDBA9888DFCDC9CC6165BEA2D1916A15447DE2532E6574DFD0BBE1B7FD58FB35270527E350652DF7ADD4D91FCEFACCAC7CA8F8681B68B178C31FADC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Portugu.s" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Est. dispon.vel uma nova a

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\russian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2719
                                                                                                                                                                                                                Entropy (8bit):5.738475063605699
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RB7gUdF2fN2f4IgpN5h5wqbes4GzJRY9RG2jaZ9syMe:xvxgU7gQWOMb5w7sHYGTf
                                                                                                                                                                                                                MD5:41DB05E910B7B3C402232108FE94D26F
                                                                                                                                                                                                                SHA1:8996A5B7A12A5F97062E01929AC4CDC09A2E60AA
                                                                                                                                                                                                                SHA-256:6A7E028AE7CF0B9ED7B56F9241EA0143F917F526545B14F0027F353238420B3A
                                                                                                                                                                                                                SHA-512:916A67EED65EA7952931B397B2E66335154D755DF83EAABE994D280DE92A53FB887237760FE61D756634B559DD0C92F6E97BA8B31A38B8C616EFF4F93511C4AE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="......." version="5.1.3">...<PopupMessages>....<MSGID_UPDATETITLE content="........ ......

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\slovak.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2097
                                                                                                                                                                                                                Entropy (8bit):5.539028021239655
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RQxbt2fI2fBzuDMuGz6zEb9bteneQaLMe:xvxgPwhr1exnQl
                                                                                                                                                                                                                MD5:0C2A25CAF7FAB01292FADA38C4CD8456
                                                                                                                                                                                                                SHA1:A02ADAB4BB2D6D2FE9FB707C2EB75E4A0956D4DA
                                                                                                                                                                                                                SHA-256:5458275A3DEEC52075EB36C1B7C92292F7CAAEB59C320518A4DB4D19ED4DAE55
                                                                                                                                                                                                                SHA-512:C5370010BF3898CEFC1F23E92017E937EA9BD518EAFFCC27219390F75C7449662C40694122674C9F7842E03E0BEB323393DA165DE00BB558812DBB4E2468864F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Slovak" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Aktualiza.n. bal.k je k dispo

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\spanish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2301
                                                                                                                                                                                                                Entropy (8bit):5.467265702053891
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cCSvbyAHg2RmjQKyQW2fzP2fkrQtjnLhjJcYGzwNQYJdG9qLVO1NCBcd/M3:kvxgDhbzskEnjKn92OeBcdo
                                                                                                                                                                                                                MD5:E9008A2E3D6AEE93B657FCBB2102999A
                                                                                                                                                                                                                SHA1:5C278FE71EAC5F56E1021F6DD8CCC7BCB707812C
                                                                                                                                                                                                                SHA-256:92E3C6A5FCDC3A9C69C848BD42A4461C3519DEA10814BDEDF791BCE45453F51E
                                                                                                                                                                                                                SHA-512:78C9B8BBAF6F52335F95C731AEF7BBDCF2FC02EC3D2888FB261D1F05DD54EF27E4268014B968B81703A4CA73E2498159C277E2B3D6D064AE80454BAD418BA721
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2024 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Spanish" version="5.3.0">...<PopupMessages>....<MSGID_UPDATETITLE content="Actualizador Notepad++"/>....<MSGID

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\swedish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2377
                                                                                                                                                                                                                Entropy (8bit):5.4411333004732265
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RFgGiM2fu2fPBTDhMxgqmFGzgnOyoX0T92frdWVmMe:xvxgggrjPM1RUn2
                                                                                                                                                                                                                MD5:9D30833C4B50960264C526D88045A97C
                                                                                                                                                                                                                SHA1:7A232D92790684E6260DD5C2D9DACF1C2081EAE2
                                                                                                                                                                                                                SHA-256:EF55291EE13F5098D74689F02452590BB29178C402C922677EFCA87F821E087A
                                                                                                                                                                                                                SHA-512:389212F479C55910FFF72E3C632185976995EC6E1C1B94D4909B36DF765273C1B870DD437E2C745542F80113D25C26729853A16804486871C5BD17A25F01BD03
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Svenska" version="5.1.3">...<PopupMessages>....<MSGID_UPDATETITLE content="Uppdatering av Notepad++ .r tillg.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\taiwaneseMandarin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2161
                                                                                                                                                                                                                Entropy (8bit):6.204536694678568
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:ciSvbyAHg2RGgghSt2fY2fkdwvehYr5Gzd73p03Q9I00XfSMe:uvxgJgg8uxWY8573oxvY
                                                                                                                                                                                                                MD5:AB37432126C7D615091905DFA988A483
                                                                                                                                                                                                                SHA1:97CF69D93BD2DCD26F8CAF7D1849EC397753E105
                                                                                                                                                                                                                SHA-256:A4D6BD9870B11664B6681A0D1EBAC88640B453644FFA50155C149C993990D66B
                                                                                                                                                                                                                SHA-512:5B1727B1CF81215A2FEDF26914A28C5E7268163880AA0FF5C6B1978EE9CB46C2F681032C05DE545A5BA4DAFEE59CE98D02A8441EDE1807C5D32D1C80B71642A4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>.... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="...." version="5.1.3">...<PopupMessages>....<MSGID_UPDATETITLE content="Notepad++ .......

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\gupLocalization\vietnamese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1488
                                                                                                                                                                                                                Entropy (8bit):5.59409820840344
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dQvWFnO3S3ybykOkHbtTbVfIQHWRvzBNEN6uoNLWRnoNQF2zoNwUzYn/MoNH2Nv:cQvCOSibyAHr2Rvzgh5FF2z98Yn/M+EZ
                                                                                                                                                                                                                MD5:2C3064208415D73E8B1D4C68C49121C1
                                                                                                                                                                                                                SHA1:1BA81F814A9765A1A85F4C862DEF3814E37DD448
                                                                                                                                                                                                                SHA-256:CFA10479BE9FA34C0D67AAD90294E79CF20CC02325CBAFB99C14356AEFE975E3
                                                                                                                                                                                                                SHA-512:F9709107EBF8E7015F3C09FD30D1D8101F66C826684F6F1A340A083501C9F3A678670F74C49CD03FEBFE237A9390537829D098CBC7CB33B24D406B84A98A37EF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2015 Juno_okyo <junookyo@gmail.com>..... This file is part of GUP... GUP is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version... GUP is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Vietnamese">...<PopupMessages>....<MSGID_NOUPDATE content="Hi.n t.i kh.ng c. b.n c.p nh.t n.o." />....<MSGID_UPDATEAVAILABLE content="M.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\ioSpecial.ini

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):1314
                                                                                                                                                                                                                Entropy (8bit):3.70832627694938
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:Q+sxvtSSAD5ylSjqWCs7y6J9ad9ny6k8l/5iCxGmxCk6xV5MbYpsCaH65Ot5CC+0:rsx9AQSjqQz9aW8l/55XAV5waaNt5h
                                                                                                                                                                                                                MD5:AC32F7233C6EB5967B240633D05A981E
                                                                                                                                                                                                                SHA1:480CDDD0590AAD508C55B18A96C311B9B636DB1B
                                                                                                                                                                                                                SHA-256:1DD350055D57F185000A4883421DEEC56242E6B4441C378341AA2FD71EFFA767
                                                                                                                                                                                                                SHA-512:0D83F90ECEBF921440D70EF8F23EB2708183796C610C931EE37FF3ED35AD7ECC17F70A81EA9A6B3AEB7607EA36323A8BBCA0FCD9D565D9D0A9F27672ABBBD882
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....C.a.n.c.e.l.E.n.a.b.l.e.d.=.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.d.8.2.A.F...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.7.8.7.5.9.0.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .N.o.t.e.p.a.d.+.+. .v.8...7. .S.e.t.u.p.....B.o.t.t.o.m.=.3.8.....H.W.N.D.=.1.3.1.0.8.4.8.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.N.o.t.e.p.a.d.+.+. .v.8...7. .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.r.\.n.\.r.\.n.C.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\modern-header.bmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 150 x 58 x 24, image size 26218, resolution 2834 x 2834 px/m, cbSize 26272, bits offset 54
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26272
                                                                                                                                                                                                                Entropy (8bit):7.678070294241038
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:QmeFh1hjNBSZ3eD4X9d5VmRzR5vTORVINvG6Hj6:sfDjNQZMI/VmRzXvTkVeGY2
                                                                                                                                                                                                                MD5:56DA15FDB8D96F8F5C649DCB5E79D775
                                                                                                                                                                                                                SHA1:157E19E89C5FC690A67E3E3E4786EDFCE917949C
                                                                                                                                                                                                                SHA-256:BB90D4338D2474138473E6B16E94B0237EE847BEA45019ED0DD4439C71BD233E
                                                                                                                                                                                                                SHA-512:341157E6D6A6A445223D7E0B48F6887B32A0F68FA024FE6D3511B8E5F4664BFE25EE8B9C1C9CF6D80DB1DC3B0383BCEC76B385D36AFF176B64A4FEF57E81A8B6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM.f......6...(.......:...........jf................../W.0X./Y./Y.,V..W.0\.0].0].0^.0`.0`.0a 1a"1b$1c$0e&0e'0e)0f*0e*/f,0h.0i.0h/0j10j10k30m51n61p83r:4t<4v>5x@5xA5zA5zD5zE6}G8.I8.J9.M:.N9.O7.N7~P7.Q8.S;.U;.X:.W<.[<.\;.[<._=.bA.iA.i?.f@.k@.kB.pC.rC.qB.rC.tE.wD.wD.tD.wE.{E.|E.yF.}F..F.~F..H..H..H..H..J..J..I..J..L..L..J..J..M..O..N..J.L..P..O..S..T..Q.V.^..^._.e.i.n.v.x.w.{...........................................................................................................4^.0X.1[.0Z.,U./[.3_.2`.1_.1a.1a.0_ 0a!0b#1c$1d$0e&0e'0e(0f*0f+0g,1h.1i/1j00j00j20j30k40n60n61o91p:2r<3t>3t?3vA3xC5zD5zE6zG6zH6{J8.M9.P9.P7.Q6|P7.R9.T:.V;.Y<.\?.`>.a=._?.eC.iA.hA.jC.nB.oC.qD.rD.sC.sC.tD.wE.xE.zE.{E.zE.wE.{E..F..F.|G.|G..H..H..H..H..I..I..K..J..J..J..L..N..N..N..K..M..Q..L.P..V..T..U.].a.d.g.j.n.u.y.w.z.~........................................................................................................7`.7`.0Y.,U.,T.4`.7e.3b.4c.6h.6h.0^ ,\ 1b"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\modern-wizard.bmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 2834 x 2834 px/m, cbSize 154544, bits offset 54
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):154544
                                                                                                                                                                                                                Entropy (8bit):7.700864402260379
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:NKrK243U6RNfWAKVZ17e28FTfWDG7wFlF9:NKW3UMfWTpe2eODG7UF9
                                                                                                                                                                                                                MD5:C2CF6928A3AB574A5548B4DC1C38B6C0
                                                                                                                                                                                                                SHA1:8860FF529F60B38A93912F88F234D46EEBCF664F
                                                                                                                                                                                                                SHA-256:2125550C12FA512782F2016E802D70BC51F4A06017CFBD4176B4A994EB2542F0
                                                                                                                                                                                                                SHA-512:FB6B28F2677B1418F8EBF621DD1E201B127B53B998C02300CAA66A9F374F681961F5B9A7F843D6082821890DF9E3D91A3403B4F83D70D155E9C841893E1F80E4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM.[......6...(.......:...........z[..................8a.5].0W.-S.,R.0W.7_.0W.-S.4\.3[./V.5\.6^.3[.2Z.0W..U.,R.-S.5].6^.4\.6^.7`.7`.5].+P.-S.7`.5].0X./V.0W.2Z.4\.7_.-S./V.4[.2Z.-S.+P.+P.4\.6^.5\.1Y./V..U..T.2Z.6^.6_.6^.6^.5].5].5].2Y.6^.7_.2Z..T..T.2Z.1Y.-S.-S.3[.4\./V..U.,R.-S.5].5].0W.0W..T.-S.,R.-S.0X.4\.2Z.6^.7_.6^.0W./V.0W./V..T..T.-S./V.-S..T.5].7_.7`.7_.2Z.0W.1Y.0W.0W.0W.0W.4\.6_.6^.6^.1Y.4\.2Y.1Y.2Y.0W.0W.0W.1Y.1Y.2Y.2Y.4\.7`.6^.3[.4\.4\.5].5].5\.5].5].1X./V.-S.,R./V.4\.1Y.0W.1Y..T.-S..T.0W.0X.2Z.5\.2Z.0W./V.1Y.1Y.0W./V..U.,R./W.2Z.8a.5].1Y.-S.,Q./W.7_.0W.-S.4\.5\.1Y.4\.6^.1Y.2[.0X./W.0W./V.6^.6^.1Y.2Z.6_.7a.3[.+P.0W.8a.5^.0Y.0V.0X.2Z.4\.7`.0W.0X.5^.4].0X.,R.+P.3[.5].5].2Z./V..U..T.2Z.6^.6_.6^.6^.5].5].5].3[.6_.7`.3[.2Y.3Z.4\./W.,S.,R.0W.1Y.,R.,R.+P.+Q.3[.5]./V.0W.-T.-S.,R..U.1Z.4\.3[.6_.6_.7^.2Z.1Y.1X./V..T.-T.-S./V.-S..T.3\.5].6_.6_.1Z./V.2[.0X.0W.0W.0W.2Z.6_.6_.6^.1Y.4].3[.3[.4].3Z.2Y.0X.1X.0X.1Y.2Y.3\.7`.6_.2[.3\.5].6^.5^.5].5].4\.0X./V.-S.-S.1Y.4\.1Y.0W.1Y.-R.,Q.,R./V./W.1

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\abkhazian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):110064
                                                                                                                                                                                                                Entropy (8bit):5.492424062735476
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:7MQVX2sq8QQNNfaQzBAt1rGUUH0s8WU+B:ZThQE
                                                                                                                                                                                                                MD5:52351AB95F1003EF0F307892213B4ADC
                                                                                                                                                                                                                SHA1:4652C5ACE2418A4CC7E3C3D244FFBC40EA658B39
                                                                                                                                                                                                                SHA-256:96D253EEADE617EADA18BA88AA341E6BDDA346D36724ECB65975C30C5B97B44A
                                                                                                                                                                                                                SHA-512:396013063ECD41EE69B161B20593163AD1B352EA77FFB8FDE06BD6D8452C3227929362A6FD5B794127CE29EEC7374ACD14D031C55AF61867AE5DDCAF4B310F73
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Abkhazian translation for Notepad++..Updated to v8.2.1:..- added new lines..-->..<NotepadPlus>...<Native-Langue name="....." filename="abkhazian.xml" version="8.2.1">....<Menu>.....<Main>...... ...... .... -->......<Entries>.......<Item menuId="file" name="&amp;....."/>.......<Item menuId="edit" name="&amp;........"/>.......<Item menuId="search" name="&amp;......."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;..........."/>.......<Item menuId="language" name="&amp;............."/>.......<Item menuId="settings" name="&amp;........."/>.......<Item menuId="tools" name="&amp;.........."/>.......<Item menuId="macro" name="&amp;.........."/>.......<Item menuId="run" name="&amp;.........."/>.......<Item menuId="Plugins" name="&amp;.........."/>.......<Item menuId="Window" name="&amp;...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\afrikaans.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23333
                                                                                                                                                                                                                Entropy (8bit):5.040654990401239
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nKDMkZBxHY2SxylY+FG5jQFo+uPMA0X+0xgQFjfbNPJ9hXGFE24o9dTge:nOO2SxiHPrugLT128e
                                                                                                                                                                                                                MD5:5E30C8DCF626F593E2A6D5221D2725E2
                                                                                                                                                                                                                SHA1:96C14ACAFE2A314ECB19F3E0D44814DA3742383E
                                                                                                                                                                                                                SHA-256:2C730B6F428DFBE6F5E99B77BD3376573D860E8DAC7E4C72EFD289754DF37726
                                                                                                                                                                                                                SHA-512:7F1BBFAB39E46183A8150FCB2D0B692F228DCE2D15CF8368D533A1E3B625DC2CEB87FAA70B050E6D5B62AE60FCB6F2BFF2DF0CC9DACCBC6EA8AB9CA725A95645
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Afrikaans" filename="afrikaans.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Le.r"/>.......<Item menuId="edit" name="&amp;Redigeer"/>.......<Item menuId="search" name="&amp;Soek"/>.......<Item menuId="view" name="&amp;Uitsig"/>.......<Item menuId="encoding" name="&amp;Formaat"/>.......<Item menuId="language" name="&amp;Taal"/>.......<Item menuId="settings" name="&amp;Stellings"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Loop"/>.......<Item menuId="Plugins" name="Inkoppeling"/>.......<Item menuId="Window" name="Venster"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Kopi.er Na klipbord"/>.......<Item subMenuId="edit-indent" name="Inspring"/>.......<Item subMenuId="edit-convertCaseTo" name="Verander register"/>.......<Item subMenuId="edit-lin

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\albanian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):44414
                                                                                                                                                                                                                Entropy (8bit):5.163372968117245
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nQPX6Jb7zbDOuVUPqoEjTlyaG4CwWojet5CWJxOX7xjBuvu6VgHfSXJ+JUMLht7H:nQiJbTDO8SqoYTljG4CwWojTdsGAylSe
                                                                                                                                                                                                                MD5:2A7503F7CB5A8B30A8F373E11122C751
                                                                                                                                                                                                                SHA1:3B16253293EF0E41CE240F18A6A8E7AFD3F6EAD2
                                                                                                                                                                                                                SHA-256:C0AFF6D9D796A7E44A86881AF0C4311792F46906DA9051AEA71B2053046302B3
                                                                                                                                                                                                                SHA-512:955C6C545079BF671089593F4EAC26F7F09ED92E10A66B0BE325D4D62CA21BFC1E6F5AB1D77C14C179B46EE8B39FAB65E1E55CD3B0CB5DDE1DBDCBBC1534F8E2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Shqip" filename="albanian.xml" version="6.7.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Filet"/>.......<Item menuId="edit" name="Ko&amp;rrigjo"/>.......<Item menuId="search" name="&amp;K.rko"/>.......<Item menuId="view" name="&amp;Shfaq"/>.......<Item menuId="encoding" name="K&amp;odimi"/>.......<Item menuId="language" name="&amp;Gjuha"/>.......<Item menuId="settings" name="&amp;Rregullimet"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Ekzekuto"/>.......<Item menuId="Plugins" name="Shtojca"/>.......<Item menuId="Window" name="Dritare"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Hap dosjen e p.rmbajtjes"/>.......<Item subMenuId="file-closeMore" name="Mbyll m. tep.r"/>.......<Item subMenuId="file-recentFiles" name="Filet e fundit"/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\arabic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (356), with CRLF, CR line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):76842
                                                                                                                                                                                                                Entropy (8bit):5.403660944154806
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:YzfKzz0KIjoUZb0zO/1/OUzUt6Rj1ZPjuPbMxkRHraR8spAe:15M1/OtBbMxkRLahj
                                                                                                                                                                                                                MD5:2B738896CB3B34D0364A5C5DDBF10471
                                                                                                                                                                                                                SHA1:D8A716D2AA65E13685CFE42CD72A3084363969DD
                                                                                                                                                                                                                SHA-256:8116EC23550DF70EED8DED13EAB208FC703A7344DCFBBA4FA5043BB63ED487C4
                                                                                                                                                                                                                SHA-512:6991FEA418F45F2E9F741B62EDC1288CE994AD3A862A71F80444F5A56D36C4C8EB500B55B77E5F02D3BD5268668B2F5D7D32902E1DD31878A64DCB22643C1C9C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.. .. URL: https://www.w3schools.com/xml/xml_syntax.asp.. - &#xD; is (\r) new line .. - &gt; is (>) and &lt; is (<).. - &amp; is (&).. - &apos; is (').. - &quot; is (").. -->..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Arabic" filename="arabic.xml" RTL="yes" editZoneRTL="no" version="7.7.2" -->...<Native-Langue name="Arabic" filename="arabic.xml" RTL="yes" version="7.7.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;..."/>.......<Item menuId="edi

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\aragonese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (785), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):43935
                                                                                                                                                                                                                Entropy (8bit):5.180126936861544
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Mz2urr8cZRclNTdvf6vHJmH8dyDxcRNf8WzhMmro1uaYm85Pf:MiG7YM/JmH8dQxcn8MhsuQ85Pf
                                                                                                                                                                                                                MD5:AA7A40CDFD58F398693EF69987D335D4
                                                                                                                                                                                                                SHA1:23946B7AA85AB4EC0FA0B6287F106F9907739878
                                                                                                                                                                                                                SHA-256:AE6AC98C3F17B953ACF0E4061CE5F964DF840D8E6FCF085120220023BEEE8452
                                                                                                                                                                                                                SHA-512:A2DA86E49EC35C34EA17A7BEE2790EED4C7A5383D3400585359AF3F9C84342B01D83F30D68FD25FFD61D4CE7186ACF1867DA896D565AD7AD54C0FE877749F903
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Aragonese localization..for Notepad++ 6.4.5..Updated 28 Sept 2013..By Ches....s D. Trigo [xuxinho7@gmail.com] & softaragones [softaragones@softaragones.org]..-->..<NotepadPlus>...<Native-Langue name="aragonese" filename="aragonese.xml">....<Menu>.....<Main>......<Entries>.......<Item menuId="file" name="&amp;Fichero"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Mirar"/>.......<Item menuId="view" name="&amp;Veyer"/>.......<Item menuId="encoding" name="Co&amp;dificaci....n"/>.......<Item menuId="language" name="&amp;Luengache"/>.......<Item menuId="settings" name="Co&amp;nfiguraci....n"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecutar"/>.......<Item menuId="Plugins" name="C&amp;omplementos"/>.......<Item menuId="Window" name="F&amp;inestras"/>......</Entries>.......... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyT

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\aranese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16637
                                                                                                                                                                                                                Entropy (8bit):5.131942059833548
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:hA7CeIc/42pl5Xwe6Cb9h1R0sd/vW40AZp8jWv3PYelOvFLldexe7cQYdta/FFOh:hG7pf5Xwe6AtZpXQLtYVKZatfbUe
                                                                                                                                                                                                                MD5:19BB9F15D21DD89ADF0CECE3203FFF77
                                                                                                                                                                                                                SHA1:0FEFDC4460A591987DC37B5A8FA5085AE05A2A2A
                                                                                                                                                                                                                SHA-256:CB1DBA6EE8BE55CFB7EDD70F8678C084643FC0F384F98F248B1EEB2A4A5EDAAA
                                                                                                                                                                                                                SHA-512:70E28CE833475A7C154C5DB3A6BB3DCAF843CC5D5E3F34FFB0B6FC6697FE90DD816B071F146CD9E97536D7F1FEB37397376D23A849ADB7822DBDBD9A5FC60F02
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="Aranese" filename="aranese.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Archiu"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Cercar"/>.......<Item menuId="view" name="&amp;Veir"/>.......<Item menuId="encoding" name="Fo&amp;rmat"/>.......<Item menuId="language" name="&amp;Lenguatge"/>.......<Item menuId="settings" name="Con&amp;figuracions"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="La&amp;n.ar"/>.......<Item menuId="Plugins" name="&amp;Peda.i"/>.......<Item menuId="Window" name="&amp;Hiestra"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Comprimir eth niv.u"/>.......<Item subMenuId="view-uncollapseLevel" name="Expandir eth niv.u"/>......</SubEntries>........ all menu item -->......<Comman

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\azerbaijani.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27635
                                                                                                                                                                                                                Entropy (8bit):5.290579231517859
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nMp38joViIIs12cgkSJ08Vxf3cizYtq8rK7SL48FMZFydOaEIA6k9b9AOS71cDjT:nMZpQk4z8MZOyO9IjxV3KqLvq8fse
                                                                                                                                                                                                                MD5:16FDD2B783C711DDC050CDDE5B0BF58B
                                                                                                                                                                                                                SHA1:970141B5DE0573C87E0A76A78BF971E6E355E3AD
                                                                                                                                                                                                                SHA-256:89FE78EFA8F04774F4F42474A4D209D5BDEBC7382E49C4AE9618088A85CCBB2D
                                                                                                                                                                                                                SHA-512:BFB04B69DAEFB515BC8B01E4DC357E980130146F6EC0687512EE8BA40BE93981EF787EF9B7B737B89652227BF52E99F3D9B48FA425ED0D28184F2017FFDB34FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Az.rbaycan" filename="azerbaijan.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="Fayl"/>.......<Item menuId="edit" name="Redakt."/>.......<Item menuId="search" name="Axtar"/>.......<Item menuId="view" name="G.r.n.."/>.......<Item menuId="encoding" name="Kodla"/>.......<Item menuId="language" name="Sintaksis"/>.......<Item menuId="settings" name="Nizamlar"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="... sal"/>.......<Item menuId="Plugins" name="Plaginl.r"/>.......<Item menuId="Window" name="P.nc.r."/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Buffer. kopiya et"/>.......<Item subMenuId="edit-indent" name="Abzas"/>.......<Item subMenuId="edit-convertCaseTo" name="H.rifl.rin registerini d.yi."/>.......<Item subMenuId="edit-lineOperat

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\basque.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (365), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):87185
                                                                                                                                                                                                                Entropy (8bit):5.163399615098203
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:cLTLPqauoRUBVikyQySAbbI2hjjisdXlpCe:cOoRUBVikyQybb1UsdX75
                                                                                                                                                                                                                MD5:C4F012A9FF57B29A2AB3C552BC0CB164
                                                                                                                                                                                                                SHA1:11427E812A4CC751BEABC269C71A91FCD3344D4A
                                                                                                                                                                                                                SHA-256:D963B545520CE104C91CF0F6FC21BA932EFAADFE8A2C03A90490F81A9EFB1B93
                                                                                                                                                                                                                SHA-512:F16D26337E436A91AD643E14C7C5A6FF5170BB564783A8A7FFF4C1BB8512710A2CD05A9CE7010F7E12E7A11C09190921C688AA8DFDFED9EE3F2AD63F0E9C2C78
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="Basque" filename="basque.xml" version="8.3.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fitxategia"/>.......<Item menuId="edit" name="&amp;Editatu"/>.......<Item menuId="search" name="&amp;Bilatu"/>.......<Item menuId="view" name="Ik&amp;usi"/>.......<Item menuId="encoding" name="&amp;Kodifikazioa"/>.......<Item menuId="language" name="&amp;Hizkuntza"/>.......<Item menuId="settings" name="E&amp;zarpenak"/>.......<Item menuId="tools" name="&amp;Tresnak"/>.......<Item menuId="macro" name="&amp;Makroa"/>.......<Item menuId="run" name="E&amp;xekutatu"/>.......<Item menuId="Plugins" name="&amp;Pluginak"/>.......<Item menuId="Window" name="&amp;Leihoa"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Ir

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\belarusian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):116152
                                                                                                                                                                                                                Entropy (8bit):5.458387519445203
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:WLKmnu/goo5zBvZCYW9W5nlPmsik+GO88I7cC4ISXZ+Gg+uDPYwYv++z6VVLD6e9:WHnWYWoO88I7cC4ISfWg6VVLD6eqIrr
                                                                                                                                                                                                                MD5:1805089EDE42AD40715F7FE43B3571DB
                                                                                                                                                                                                                SHA1:B9D175A00F4520C8E89401682E01AD71EC45F317
                                                                                                                                                                                                                SHA-256:08C3DF713CB24F97144FD506C6B07A50DDCEA5518BA6D7CAABAFE24F58B006C5
                                                                                                                                                                                                                SHA-512:EEBA8D4E185DDF31B82478C6D345BB36A6D594637F9350133D014BB9138A8A805FB0A82FDD4F3EDAAD81831B85D21FA9BC099E2A01A0FBDE89FA8ED15A71CD3A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name=".........." filename="belarusian.xml" version="8.4.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="......"/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......"/>.......<Item menuId="encoding" name="........."/>.......<Item menuId="language" name="........."/>.......<Item menuId="settings" name="......"/>.......<Item menuId="tools" name="..........."/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="........"/>.......<Item menuId="Plugins" name="......."/>.......<Item menuId="Window" name="...."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\bengali.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):58583
                                                                                                                                                                                                                Entropy (8bit):5.131904211175118
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:hGflh+sclCc/jgJeZzXM2MymdgoMo3TWrXFC+e:helctjGeZzix3T8C+e
                                                                                                                                                                                                                MD5:24D3DCEEFDD6847AEE0BDC200F1CC4A5
                                                                                                                                                                                                                SHA1:B65423C5EA51FF8D0F29120A5A686E8152562D7F
                                                                                                                                                                                                                SHA-256:AF25815F922DBF6F2791F975CA32C2509809FB24931CA4CCACFB06FE108E300E
                                                                                                                                                                                                                SHA-512:A8F8B29CFC6F2232739D130A53A2D19CD1FD51AC95A6DC1C57AFACDD987CD4F506D73FDA392018BE8235270352BF9FE9F8DE07884B1429F1B2A0148315FF0528
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="......" filename="bengali.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....... ..."/>.......<Item menuId="search" name="&amp;........."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;......."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......."/>.......<Item menuId="macro" name="........"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="......."/>.......<Item menuId="Window" name="......"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".... ...."/>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\bosnian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27222
                                                                                                                                                                                                                Entropy (8bit):5.115716374696929
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:QKownzknjJkjYeRIwTPWH3XNMLkLqaX5QE+f1ALPYW85HL:QKowDjYeLeH3dMwqaXx+I0L
                                                                                                                                                                                                                MD5:5DEBAF680F16F521F6283486E8E857A1
                                                                                                                                                                                                                SHA1:927C6FA14581D4EA26313FD0FC2E6EE62CAFF99B
                                                                                                                                                                                                                SHA-256:AD39AE78687DC1B24B9E5FE68662C6C664CD027CE2BCF5256DA78864192A078F
                                                                                                                                                                                                                SHA-512:88BCD23B4F9EDE82D2BD5CD360139DFABB67C800792C10CC1CC7E8F9EAE403AD08457F0808BB03AC86A673ACA87D161E450FBEE7D84D496AC693AF4768DD35EC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>....<NotepadPlus>...<Native-Langue name="Bosanski" filename="bosnian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Datoteka"/>.......<Item menuId="edit" name="&amp;Uredi"/>.......<Item menuId="search" name="&amp;Pretra.ivanje"/>.......<Item menuId="view" name="Pri&amp;ka.i"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Jezik"/>.......<Item menuId="settings" name="Po&amp;stavke"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Pokreni"/>.......<Item menuId="Plugins" name="Dodaci"/>.......<Item menuId="Window" name="Prozor"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Kopiraj u privremenu memoriju"/>.......<Item subMenuId="edit-indent" name="Uvlake"/>.......<Item subMenuId="edit-convertCaseTo" name="Prebaci slova u"/>.......<Item subMenuI

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\brazilian_portuguese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105521
                                                                                                                                                                                                                Entropy (8bit):5.258601643289753
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:dacDuUNAnDS/VB61hDTlDyk0mGb9vwlYvEhZHEhXpCVwnQe:dasI8VmhgL9vwln/upZQe
                                                                                                                                                                                                                MD5:D30B27DEB59EBB0CA0A5BCBB029ECB20
                                                                                                                                                                                                                SHA1:F0CA10C87FAB3CD2EAD1785B668E604D320A426C
                                                                                                                                                                                                                SHA-256:7A99C7D13420DA3CC70A07689E792B67AD7A84EC1E322C7E2CF608F5DBF0EFB4
                                                                                                                                                                                                                SHA-512:A43765ED92CA6702A5CBBCB28C246BC294888248B3A9D48B0F24B949BF5E968CF01813A46840992FB3EF2D83A72849B4562A6C75B0C14E16E50FE495277FE716
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Brazilian Portuguese by H.lio de Souza and Luxy, updated: Jul 2021, for Notepad++ 8.1.2, last update by Marcello, 26 Jul 2024, for Notepad++ 8.7.0..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Brazilian Portuguese" filename="brazilian_portuguese.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Arquivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="Locali&amp;zar"/>.......<Item menuId="view" name="&amp;Visualizar"/>.......<Item menuId="encoding" name="&amp;Formatar"/>.......<Item menuId="language" name="&amp;Linguagem"/>.......<Item menuId="settings" name="Confi&amp;gura..es"/>.......<Item menuId="t

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\breton.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):67044
                                                                                                                                                                                                                Entropy (8bit):5.23031275052803
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nbY/Ch3io5XNAueqPDvysIaH4suns00p0e:kuSoN+BqPDLIeH
                                                                                                                                                                                                                MD5:5E969C2F4A0403AFEF3EA1261BAD61B2
                                                                                                                                                                                                                SHA1:92F99BEC3E4C079199F24CF64162930C3816E39A
                                                                                                                                                                                                                SHA-256:319C742C3543C45D9BE621A9B289AB345DD49633CD466434C0DAFFA9C32504A1
                                                                                                                                                                                                                SHA-512:D25F396E1FE505085E41C3F6FEB53C9A80B30B70E845F1F069534CD708B716E9B9AF4D6A5D1B460CA8EE89F0B49441967FE22903C0BF8CADD751A2CF2AFD7E5E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Brezhoneg" filename="breton.xml" version="7.8.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Restr"/>.......<Item menuId="edit" name="&amp;Aoza."/>.......<Item menuId="search" name="&amp;Klask"/>.......<Item menuId="view" name="&amp;Diskouez"/>.......<Item menuId="encoding" name="&amp;Enkoda."/>.......<Item menuId="language" name="&amp;Yezh"/>.......<Item menuId="settings" name="Ar&amp;ventenno."/>.......<Item menuId="tools" name="&amp;Ostilho."/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;Sekuti."/>.......<Item menuId="Plugins" name="&amp;Luganto."/>.......<Item menuId="Window" name="&amp;Prenestr"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Digeri. an doser a endalc'h"/>.......<Item subMenuId="file-closeMore" name="Serri. +"/>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\bulgarian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):146820
                                                                                                                                                                                                                Entropy (8bit):5.267629818262769
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:Exc6cRhRbuweabYHVD2oAjz8wdbNYCk5NtmhpOqnDRNpnMSHw2gPyfJzXzQnM4VY:ExuRhRGzAUwdJFbXpnMSHw2LBXMe
                                                                                                                                                                                                                MD5:053E95BDA8D44EBF0E82948AD96475C2
                                                                                                                                                                                                                SHA1:CEA31A7D7D59EA63DC07049D462A331D9A07FBD0
                                                                                                                                                                                                                SHA-256:022E2B48B37931142B36EDA98A8C26022F9FF31390324238FBB9896F768A50E4
                                                                                                                                                                                                                SHA-512:54FDA8FEE22D00604F0FFDA742E88BB7856B02ACE93EA1ABDD00366F82B5DA1A5D5D1E25F700C3D30CBA31ED4AED60677D05FA9E84902BA4D9DBD5026BDA576F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ========================================== [ Bulgarian localization ] ===\..|..| Translators:.....: 2014.yyyy . Rusi Dimitrov;..| 2007.2012 . Milen Metev (Tragedy);..| Last revision:...: 08.09.2024 by Rusi Dimitrov <npp[at]rdd.anonaddy.com>..|..\========================================================================== -->..<NotepadPlus>...<Native-Langue name="........." filename="bulgarian.xml">....<Menu>.....<Main>...... ....... ...... -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;..........."/>.......<Item menuId="search" name="&amp;......."/>.......<Item menuId="view" name="&amp;......"/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;........."/>.......<Item menuId="settings" name="&amp;........."/>.......<Item menuId="tool

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\catalan.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (403), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):68602
                                                                                                                                                                                                                Entropy (8bit):5.21343661203212
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:uRLsrdgwt06Z2rYdLvJfRtT0YQ/2qW+2YGw6kfMnXLeancWDsIc/ph39e:uR4306Z2w1R1TfVY5Ieacx/pLe
                                                                                                                                                                                                                MD5:5E4120E7483B3CF219321A3AF95C8F90
                                                                                                                                                                                                                SHA1:65DC2B272C96AB89E4DD3D4DBCCDAE1E521A1992
                                                                                                                                                                                                                SHA-256:A25C71DCB2B86283BDC1CD0D8DA4F0A56D68046882A4A4A0F492855904D4B724
                                                                                                                                                                                                                SHA-512:B19EE152A526509BAD70F0394D34B6833A49A66D382E317ACE46D385AEEEBDB98C2BD1B3336E657CC01776FC30FA48F7194C24A369D1C4CA41AA82E24A30E443
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Catalan translation for Notepad++..Updated 10.06.2020, v7.8.7..By Hiro5 <groccat at gmail>..-->..<NotepadPlus>...<Native-Langue name="Catal." filename="catalan.xml" version="7.8.7">....<Menu>.....<Main>......<Entries>.......<Item menuId="file" name="&amp;Fitxer"/>.......<Item menuId="edit" name="&amp;Edita"/>.......<Item menuId="search" name="&amp;Cerca"/>.......<Item menuId="view" name="&amp;Visualitza"/>.......<Item menuId="encoding" name="Co&amp;dificaci."/>.......<Item menuId="language" name="&amp;Llenguatge"/>.......<Item menuId="settings" name="Co&amp;nfiguraci."/>.......<Item menuId="tools" name="E&amp;ines"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecuta"/>.......<Item menuId="Plugins" name="C&amp;omplements"/>.......<Item menuId="Window" name="Fine&amp;stres"/>......</Entries>......<SubEntries>.......<Item subMenuId="file-openFolder" name="Obre la carpeta contenidora"/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\chineseSimplified.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):95310
                                                                                                                                                                                                                Entropy (8bit):6.181446145956989
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:kav9KZJgn2m+wZaGdJbU+zKV8LYftVShg60bTVTIYHdkFwSiqOlt/kTpK+hXff:kalb+wZaGdJbUptz9kFwgOltYpVf
                                                                                                                                                                                                                MD5:DC252B0E7CA37EB8CA096A3733BC3312
                                                                                                                                                                                                                SHA1:7593E69D83B5A6A70317DFF9B5C703EF6FF52BFF
                                                                                                                                                                                                                SHA-256:427DDC37B85938815F81B5669A1A40BB0AC10DF8FC95E46B3595AB825CC03F2A
                                                                                                                                                                                                                SHA-512:5B4041A0C25CE066CA03F73F720CAE41437710FB1230563CC13013BAFCDD896663364B07F72847650513CD48B3F0C62D5E85B0E748C59EA66898A4D6A99CA269
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="...." filename="chineseSimplified.xml" version="8.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="..(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name="..(&amp;S)"/>.......<Item menuId="view" name="..(&amp;V)"/>.......<Item menuId="encoding" name="..(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="..(&amp;O)"/>.......<Item menuId="macro" name=".(&amp;M)"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<Item menuId="Plugins" name=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\corsican.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115644
                                                                                                                                                                                                                Entropy (8bit):5.291711224712862
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:/9pcbBWqpnw34HoeAaEXRbRJ4u0OJowk0DQGk7Kw4i4+o8JuvFSeYqA18aEekWIM:/9pcbBWqpnw34HoeAaEXRbRJ4u0OJowA
                                                                                                                                                                                                                MD5:7E76846E7B4320E8D7DCD2DD3DE7F794
                                                                                                                                                                                                                SHA1:2FBD34ABAE82338E90F1E70A855052117526F55B
                                                                                                                                                                                                                SHA-256:CE151F8C56F41D83DCA41723A5F83D4486E5E09AD0A58502300FC2EEEE427324
                                                                                                                                                                                                                SHA-512:A8A227147B960A29C899CA6BCFCBCEAF1F6279623CA738F22188E6C4371DE4ABC68F957361D88C50C27E459B9588779F24883B352979C0838A9D896F2D87E7D8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print" command...2. All the comments are for explanation, they are not for translation...-->.. ..Additionnal information about Corsican localization:....1. The latest update of Corsican translation file is available here:...https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/corsican.xml....2. History of Corsican translation for Notepad++:.....- Updated in 2024 by Patriccollu di Santa Maria . Sich.: Feb. 5th (v8.6.3), Mar. 10th (v8.6.5), Apr. 30th (v8.6.6),..... June 13th (v8.6.9), Sept. 8th (v8.7)...- Updated in 2023 by Patriccollu di Santa Maria . Sich.: Feb. 24th (v8.5), Mar. 12th (v8.5.1), Mar. 31st (v8.5.2),..... May 7th (v8.5.3), June 9th (v8.5.4), Aug. 1st (v8.5.5), Aug. 7th (v8.5.6), Oct. 7th (v8.5.8),..... Nov. 15th (v8.5.9), Nov. 22nd (v8.6), De

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\croatian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):108136
                                                                                                                                                                                                                Entropy (8bit):5.293374011250248
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:6aAbYBShQQsVOe+BsI+w8Rj4fyiQ4yp90we:6hYBQsVOe+Bs7w8QyAU90T
                                                                                                                                                                                                                MD5:0A90F4EE7C0737CA1487C6F7D5F68945
                                                                                                                                                                                                                SHA1:BF2D992B35E11D7710FB4DCC811D949F24C0E9F6
                                                                                                                                                                                                                SHA-256:66A0922E27F84B3F88CDA529922FB4239B26968D9897312C36A2FF9AC75B8864
                                                                                                                                                                                                                SHA-512:F087C480229FABE7A8035FF201DE40101175BF4AECEE5D4EB3E2762A9A025FD1B1A8C662FCE7D7B07B9E2C5FDA3D4CB5520C50D20BD4A068626A0AFA84543A59
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Croatian localization for Notepad++...Updated 30 July 2024 by Elvis Gambira.a (el.gambo@gmail.com)...All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Hrvatski" filename="croatian.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Datoteka"/>.......<Item menuId="edit" name="&amp;Ure.ivanje"/>.......<Item menuId="search" name="Pre&amp;traga"/>.......<Item menuId="view" name="&amp;Prikaz"/>.......<Item menuId="encoding" name="&amp;Format"/>.......<Item menuId="language" name="&amp;Sintakse"/>.......<Item menuId="settings" name="P&amp;ostavke"/>.......<Item menuId="tools" name="&amp;Alati"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Pok&amp;retanje"/>.......<Item menuId="Plugins" name="Doda&amp;ci"/>.......<Item menuId="Window" name="&amp;Kartice"/>......</Entries>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\czech.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):109768
                                                                                                                                                                                                                Entropy (8bit):5.514195200017735
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:MczcBk+C35fqLkMpMHaME/Oi9Pn3UCdgWejXj2/VkLs/1cqx:r3CtcU
                                                                                                                                                                                                                MD5:C14A675EF840F468E83F097A8B230352
                                                                                                                                                                                                                SHA1:DFB25F242E4D53B8944E1C32234C602D45783A15
                                                                                                                                                                                                                SHA-256:7BBBCB4721D3B2CF5DDC3666AC2F1A412D211E17F9B484DA0F45E46F2B38BFDE
                                                                                                                                                                                                                SHA-512:7E921169908FF73785327795414CB8AC15A8CBA3215E1E05359CB3F50B3B23DC124850E9264C56A8FD108287CF4BCF94D1036052484FA10BC699505A097DD205
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...- last change: Notepad++ 8.7.0 10/Sep/2024 by Ond.ej M.ller (mullero@email.cz)...- N++ Community QA: https://notepad-plus-plus.org/community/topic/87/czech-translations...- contributors: Ond.ej M.ller (mullero@email.cz), Tom.. Hrouda (gobbet@centrum.cz), Martin Darebn. (darBis)...- the most recent version of this file can be downloaded from the project master-branch here: https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/czech.xml..-->..<NotepadPlus>...<Native-Langue name=".e.tina" filename="czech.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Soubor"/>.......<Item menuId="edit" name=".&amp;pravy"/>.......<Item menuId="search" name="&amp;Naj.t"/>.......<Item menuId="view" name="&amp;Zobrazit"/>.......<Item menuId="encoding" name="&amp;Form.t"/>.......<Item menuId="language" name="Synta&amp;xe"/

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\danish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):84733
                                                                                                                                                                                                                Entropy (8bit):5.249188662057102
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:WLEOlLUF7fpzjs3TS1wA8KrpUIB91FzKaNx3za6y31DfzbxULY6hc5OJTC9PtU/F:WLJ0pf0fIB91FzKaNx3JyZLPU/1Apbne
                                                                                                                                                                                                                MD5:278EFD7D6098904FC2D7E763D7EDC823
                                                                                                                                                                                                                SHA1:69B1C276E63A8068A9C1F1B72D0ABEC44587FA0C
                                                                                                                                                                                                                SHA-256:D97CFEC33139A1E032C8CB35BD78AA666DB8D88BC8D5D032359A4C79551BBFC4
                                                                                                                                                                                                                SHA-512:440367E1DDD4C99F7AF2425C014D5B659CA780207E935498BA9347DAB466FAE910855C67A515D786360A7D7F29DA3F4613812AE0966633500EC598C9EADFB7D2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="Dansk" filename="danish.xml" version="8.5.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Filer"/>.......<Item menuId="edit" name="R&amp;ediger"/>.......<Item menuId="search" name="&amp;S.g"/>.......<Item menuId="view" name="&amp;Vis"/>.......<Item menuId="encoding" name="Kod&amp;ning"/>.......<Item menuId="language" name="S&amp;prog"/>.......<Item menuId="settings" name="Inds&amp;tillinger"/>.......<Item menuId="tools" name="V.&amp;rkt.jer"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;K.r"/>.......<Item menuId="Plugins" name="P&amp;lugins"/>.......<Item menuId="Window" name="V&amp;induer"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".bn kildemappe"/>

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\dutch.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):103305
                                                                                                                                                                                                                Entropy (8bit):5.181233299462483
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:kIq4pAjNgjvcGUuSrjbb5Xy1x/FXXp/3f:kWpAjNgjvcGUuSrXRylX53
                                                                                                                                                                                                                MD5:8C08E979B862360812E6A4CCFAA1EFD9
                                                                                                                                                                                                                SHA1:9A81A3489DA804CC352416EA7FEAC9FD7E2DD332
                                                                                                                                                                                                                SHA-256:D5638C96231D4135C56F81EFCECFE467779FD81DA1653D6C5188303917B67831
                                                                                                                                                                                                                SHA-512:65E3A169B9B4E7D972C2EC69A6CBC3106581E509F6B0F97AE246753E7582F832F5E4FD3EEAB510788351F9F0002CE5B8E6E05BC7C3B855363A66EE46BAE4876C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation.....Dutch localization for Notepad++..Modifications until 2018-03-26 by Klaas Nekeman (knekeman(at)gmail.com)...Modifications until 2020-05-26 by xylographe <wr86420@gmail.com>...Modifications from 2021-01-28 and onwards by Thomas De Rocker (RockyTDR, notepadplusplus(at)rockytdr.33mail.com)....Last modified on 2024-06-06 by Thomas De Rocker (RockyTDR)...-->..<NotepadPlus>...<Native-Langue name="Nederlands" filename="dutch.xml" version="8.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Bestand"/>.......<Item menuId="edit" name="Be&amp;werken"/>.......<Item menuId="search" name="&amp;Zoeken"/>.......<Item menuId="view" name="B&amp;eeld"/>.......<Item me

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\english.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):98194
                                                                                                                                                                                                                Entropy (8bit):5.23859845469495
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:yaV0EXGv7GJs4bRKgtneY6ibCZ6+pp2Qf:yc3SqzbRKg1Cx3
                                                                                                                                                                                                                MD5:6DAAF86FB1E81CB310C99F10C6F45502
                                                                                                                                                                                                                SHA1:ACF9A84B3C6A3E478F2602CC408C5F09E21D917D
                                                                                                                                                                                                                SHA-256:511BD81C2FC9C8D03163F0EA5D9BBD273699C638A04709CDB25FAE74F44E1198
                                                                                                                                                                                                                SHA-512:34B23F1A179A68E807FE52DC587055AFCEF29BE559C74ED3542B6D32334B8770D3C25FEA98EB8F194E1BD86275F1CCABFB65BF7BD232C7802D6BF8E5F4579E34
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="English" filename="english.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="&amp;Search"/>.......<Item menuId="view" name="&amp;View"/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.......<Item menuId="language" name="&amp;Language"/>.......<Item menuId="settings" name="Se&amp;ttings"/>.......<Item menuId="tools" name="To&amp;ols"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="&amp;Run"/>.......<Item menuId="Plugins" name="&amp;Plugins"/>.......<Item menuId="Window" n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\english_customizable.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):98194
                                                                                                                                                                                                                Entropy (8bit):5.2390684839283495
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:yao0ExGRqGJs4bRKgtneY6ibCZ6+pp2Qf:y33EdzbRKg1Cx3
                                                                                                                                                                                                                MD5:2EAD7FB9E5B8C2641349188F49847B3A
                                                                                                                                                                                                                SHA1:9DB94AEB117D8912258820AABBEC85CFB692A997
                                                                                                                                                                                                                SHA-256:6E464F653813F4A490B5081E9A3F10A4C33F0D3FD034B65C673687B0B755746A
                                                                                                                                                                                                                SHA-512:A15BF143CF4913C3F6DD61A8118E1C8BAD0944EF7E796D405FFB01BEE0B8F24B21E1DED58D22DA05F8EABFB7B0329E287E4CE23311B1DB2C9C41675A60F78391
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="English" filename="english_customizable.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="&amp;Search"/>.......<Item menuId="view" name="&amp;View"/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.......<Item menuId="language" name="&amp;Language"/>.......<Item menuId="settings" name="Se&amp;ttings"/>.......<Item menuId="tools" name="To&amp;ols"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="&amp;Run"/>.......<Item menuId="Plugins" name="&amp;Plugins"/>.......<Item menu

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\esperanto.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (463), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47754
                                                                                                                                                                                                                Entropy (8bit):5.163799473406582
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:ooJnxIG0dWM0lA9U74t+8FN/nbiWjUnCR2/yAlhzfmGj8N+uiUGCtUmZuwRJYyLg:HJnO10MOCEvTe6twUMUoGb0894m
                                                                                                                                                                                                                MD5:0F8D89D82B896172E0A225EC739D9752
                                                                                                                                                                                                                SHA1:2EA49D996DA9B144BCEE8DD2F27F9030F5EDA1EC
                                                                                                                                                                                                                SHA-256:321E0E8AC53E6062496A519CEC3034BE8C4AF2E5108427AAC7F8B65D749155E0
                                                                                                                                                                                                                SHA-512:F488207DE9A16061A1A75F2BDEAABE41ADA6B662FCC1DC7F9014D749EF3F8B772A7D2F47CEBD9369489E73F0BEFBBBE2343E0F42D472E19B775C37037A41910A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Francesco Costanzo: invincibile(.e)users.sourceforge.net...Unua traduko: decembro 2010 (v5.8.6) - unua publikigo: v5.8.7...Lasta .isdatigo: la 9an de majo 2014, v6.6.2...Korajn dankojn al tiuj, kiuj konigis rimarkojn kaj erarojn....Pli da informoj .e la fino de la dokumento...*********** BONAN LABORADON KUN NP++! :) ***********..-->..<NotepadPlus>...<Native-Langue name="Esperanto" filename="esperanto.xml">....<Menu>.....<Main>...... .efaj menuoj -->......<Entries>.......<Item menuId="file" name="&amp;Dosiero"/>.......<Item menuId="edit" name="&amp;Redaktado"/>.......<Item menuId="search" name="&amp;Ser.ado"/>.......<Item menuId="view" name="&amp;Vido"/>.......<Item menuId="encoding" name="Signar&amp;kodo"/>.......<Item menuId="language" name="&amp;Lingva.o"/>.......<Item menuId="settings" name="&amp;Agordoj"/>.......<Item menuId="macro" name="&amp;Makroo"/>.......<Item menuId="run" name="&amp;Lan.ado"/>.......<Item menuId="Plug

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\estonian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47332
                                                                                                                                                                                                                Entropy (8bit):5.12410656592598
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:MFCJjsKsDsYms+G2Z/FHx3QpiSX4ENH7e:MkJjJkQ6wSTJe
                                                                                                                                                                                                                MD5:D10807C65DD7F9080DFD2063F0FC1482
                                                                                                                                                                                                                SHA1:7DBB40D816F36F6004CFE0A29982E1B8C0C389B2
                                                                                                                                                                                                                SHA-256:0E6BCC2AD0CB68E2B39A7804C6DB59BDF0251680F630C85B53A9B71F9A623BF6
                                                                                                                                                                                                                SHA-512:969E0E41BD0F6867765734B3AC7C4ED8CD91384C1B1A9A9055B0DDC18BB551B75FED7CABB67F5711C4D0F4B69D8CE9D7A081B34C4EAA3A6140A12865F7AE7795
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Estonian translation by Andres Traks..https://github.com/AndresTraks/..-->..<NotepadPlus>...<Native-Langue name="Estonian" filename="estonian.xml" version="7.3.1">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fail"/>.......<Item menuId="edit" name="&amp;Redigeeri"/>.......<Item menuId="search" name="&amp;Otsi"/>.......<Item menuId="view" name="&amp;Vaade"/>.......<Item menuId="encoding" name="Ko&amp;deering"/>.......<Item menuId="language" name="&amp;Keel"/>.......<Item menuId="settings" name="&amp;S.tted"/>"/>.......<Item menuId="tools" name="T&amp;..riistad"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="K.ivita"/>.......<Item menuId="Plugins" name="Pluginad"/>.......<Item menuId="Window" name="Aken"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Ava faili sisaldav kaust"/>.......<I

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\extremaduran.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20428
                                                                                                                                                                                                                Entropy (8bit):5.09546734339474
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nKtoy23gJQXH6tHJ4jnIJJw6msa/2+Aoe:nFH6t9OsGe
                                                                                                                                                                                                                MD5:73556025D982B3E02C8F427E0EF806D5
                                                                                                                                                                                                                SHA1:6F13557E667735B38F182DDDB9ED54ADF1458F46
                                                                                                                                                                                                                SHA-256:9776B0CD6DC0D4987DC6C722032CB998B4A929863A352D0EC85E9918ECADC51F
                                                                                                                                                                                                                SHA-512:C870315D9BC19663859E80BD716C915BBC2C15514F0D79401A1D35FBD5E3DCCB343E1BDC40D6F3F6054DEB7D9B7FC37E1E6642F0C1666AD9EEAD1AF926124FD9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Estreme.u" filename="extremaduran.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="A&amp;rchivu"/>.......<Item menuId="edit" name="&amp;Eital"/>.......<Item menuId="search" name="&amp;Landeal"/>.......<Item menuId="view" name="&amp;Vel"/>.......<Item menuId="encoding" name="Hor&amp;matu"/>.......<Item menuId="language" name="L&amp;uenga"/>.......<Item menuId="settings" name="&amp;Configurazi.n"/>.......<Item menuId="macro" name="Macru"/>.......<Item menuId="run" name="Ehecutal"/>.......<Item menuId="Plugins" name="'Plugins'"/>.......<Item menuId="Window" name="Ventana"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Estrechal el nivel"/>.......<Item subMenuId="view-uncollapseLevel" name="Espandil"/>......</SubEntries>........ all menu item -->......<Commands>.......<Item id="410

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\farsi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):53291
                                                                                                                                                                                                                Entropy (8bit):5.370388760460584
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:5ecYeRJJydvikrs1l2Z/93lRq2TFbGciOnBje:5eZeXJyVrs1l2Z/93lRq2TFzigBje
                                                                                                                                                                                                                MD5:25A4F22C991832B8086CC6589F16A3D3
                                                                                                                                                                                                                SHA1:81A480CEF8369C5595E037C5EE88648D8AEA4378
                                                                                                                                                                                                                SHA-256:8C04969DBB4A7EED05FAA79A25D561F6A7DF312AA414339C3307E6FAC83C054F
                                                                                                                                                                                                                SHA-512:0033E931FE329B71552CB3109F91B58650021B806F67A05BCBB0EA578A3F619C58378854790D4401C76B202A5B23D87B683A3E1A40687DD49BAFA5BFF21B307F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Farsi" RTL="yes" editZoneRTL="no" filename="farsi.xml" version="7.0" -->...<Native-Langue name="Farsi" RTL="yes" filename="farsi.xml" version="7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="......"/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......"/>.......<Item menuId="encoding" name="........"/>.......<Item menuId="language" name=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\finnish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):85463
                                                                                                                                                                                                                Entropy (8bit):5.198350176218129
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:tVgdWQJEqrKrYq22vNQKDSNehi1rjDShAEpJBj6JMrl1w/U7Qzyl7pSKpL:tmoqmrYqTFYNehixOoU7dl7pLpL
                                                                                                                                                                                                                MD5:F71562666EFECEC28F7DC1178F5E375E
                                                                                                                                                                                                                SHA1:DABC62171CB974787CB550A64606510930B5BE8A
                                                                                                                                                                                                                SHA-256:F5BD518A61D786D5C05856D70BC1353759261BDF71991162141BC7AC2AD77299
                                                                                                                                                                                                                SHA-512:C7D2291B4D2B5E472436E8CE7BDAB197A7588802028D6A71693EA1C8223C05731CE871C78E2738DBD38ECE753BE0CDB5A3AE4495B9EFE628C9BF123A67348934
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. Finnish translation for Notepad++..Updated to v8.6 fixed version..-->..<NotepadPlus>...<Native-Langue name="Finnish" filename="finnish.xml" version="8.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Tiedosto"/>.......<Item menuId="edit" name="&amp;Muokkaa"/>.......<Item menuId="search" name="&amp;Etsi"/>.......<Item menuId="view" name="&amp;N.yt."/>.......<Item menuId="encoding" name="Tiedostom&amp;uoto"/>.......<Item menuId="language" name="&amp;Koodikieli"/>.......<Item menuId="settings" name="&amp;Asetukset"/>.......<Item menuId="tools" name="Ty.&amp;kalut"/>.......<Item menuId="macro" name="Mak&amp;ro"/>.......<Item menuId="run" name="&amp;Suorita"/>.......<Item menuId="Plugins" name="&amp;Liit.nn.iset"/>.......<Item menuId="Window" name="&amp;Ikkuna"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Avaa kansi

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\french.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):109688
                                                                                                                                                                                                                Entropy (8bit):5.2414818779468915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yayANMQmE0WmeaLJu6uX4OArUioF7Uc3YR/OZ1iLarNouvFdRa8qzTAedRwgPdDZ:yaTNXotLJYFgxRchokFwm6DHcJ2pae
                                                                                                                                                                                                                MD5:6024E972D073FA0543B9E817BDBC7BD4
                                                                                                                                                                                                                SHA1:9C73F7B575B630D87B8D3277DFEC31916A56BC8B
                                                                                                                                                                                                                SHA-256:0DA86713BADE7D40CA13A1EE1889AAB09BA97103B71674C9E873F0A80D96D360
                                                                                                                                                                                                                SHA-512:54D5256B4A741D5F84185CF273FF20724B1C9D3E3FE15107F7EC0CFCCEDFE70D5B4503A33A8543BF311856952194E14FFDC117DC23D4CF7DF307632158EA73A1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Fran.ais" filename="french.xml" version="8.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fichier"/>.......<Item menuId="edit" name="&amp;.dition"/>.......<Item menuId="search" name="&amp;Recherche"/>.......<Item menuId="view" name="&amp;Affichage"/>.......<Item menuId="encoding" name="E&amp;ncodage"/>.......<Item menuId="language" name="&amp;Langage"/>.......<Item menuId="settings" name="&amp;Param.tres"/>.......<Item menuId="tools" name="&amp;Outils"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;x.cution"/>.......<Item menuId="Plugins" name="Modules d.ex&amp;

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\friulian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27785
                                                                                                                                                                                                                Entropy (8bit):5.083309736761883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nhADmxHGLck1I5q6+aoPy1Y/ZtQSBHFlYNPe0vXVbme:nK6xB/5BwZtZRFlA9me
                                                                                                                                                                                                                MD5:AA74CA424AE6104B145E8D3B945A7CB9
                                                                                                                                                                                                                SHA1:CE582F8CEE3DC6BB9D4CFEA32C8B0D0DB5449F4D
                                                                                                                                                                                                                SHA-256:0BA08E38BB9967D800503D321554C3C48E492F5AF9FC90F75195D1DE28E9D175
                                                                                                                                                                                                                SHA-512:F225E8B394ABE82558A0FE9A6F0AB3B3A1EF67525CD0A8EC647D74E8A45A50AC6F81FE3BADACF5B844F2F8871CAC93994837CB97BFCAF3381C973655091A9C3E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Furlan" filename="friulian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="Mo&amp;difiche"/>.......<Item menuId="search" name="&amp;C.r"/>.......<Item menuId="view" name="&amp;Viodude"/>.......<Item menuId="encoding" name="For&amp;m.t"/>.......<Item menuId="language" name="&amp;Lenga."/>.......<Item menuId="settings" name="&amp;Impostazions"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Invie"/>.......<Item menuId="Plugins" name="Plugins"/>.......<Item menuId="Window" name="Barcon"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Copie tai Aponts"/>.......<Item subMenuId="edit-indent" name="Indentazion"/>.......<Item subMenuId="edit-convertCaseTo" name="Conversion Maiuscul/Minuscul"/>.......<Item subMenuId=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\galician.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF, CR line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105913
                                                                                                                                                                                                                Entropy (8bit):5.215727880332793
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yaIUxqr6x5M9cdM0A6DooxJS7lNmWkMFELCDJAwJ+ZyYB3GhuipAzmZ4e:yaLihr6FxObQCFLMZpWPpAZe
                                                                                                                                                                                                                MD5:1327DF383F8C7390ABD095E0BC6D0788
                                                                                                                                                                                                                SHA1:03230B8F13B6FFA5F150DBA301D994F6EF244228
                                                                                                                                                                                                                SHA-256:BD81D804D41C3CB3A6B774819EE53ADD1DA865C4AD54DDBD1F42551874842E13
                                                                                                                                                                                                                SHA-512:B3ABDAB50FED09B86E7018BB9716E7DA001388449E7B6476C0D239894FD9A6556D49D60AD420722DB155710A210FACCE86F39B71172D66551477D4EE83D6D360
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Galego" filename="galician.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Arquivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Buscar"/>.......<Item menuId="view" name="&amp;Vista"/>.......<Item menuId="encoding" name="Co&amp;dificaci.n"/>.......<Item menuId="language" name="&amp;Linguaxe"/>.......<Item menuId="settings" name="C&amp;onfiguraci.n"/>.......<Item menuId="tools" name="&amp;Ferramentas"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecutar"/>.......<Item menuId="Plugins" name="Complemen&amp;tos

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\georgian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):50925
                                                                                                                                                                                                                Entropy (8bit):4.800534182370987
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:pkXURDzwQA7IhAK/TKIDK6HweoEdByDFrohFJF7FF/jQw3vlSyf8+wKBoo/+G9BM:psa/4u1e
                                                                                                                                                                                                                MD5:C21811DE2B3EAE48DC092216CB105CC8
                                                                                                                                                                                                                SHA1:387FBD1437ADDC75308B9680CC89A4C513A35F69
                                                                                                                                                                                                                SHA-256:714EBAE36CC13D8E2A315A829528ED0145A5164E607BB100C50D86D9F3327223
                                                                                                                                                                                                                SHA-512:7D0D03E9F8DAFC9681F113669A9CAC680F86C0FF4FC52C58FFA07869EBE69A9192891A8F2CBAFCB93139B41FB73C65A35F8E0986460E421DA30B42A8715F0FC6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Georgian localization for Notepad++ 6.2.3...Translated By UGLT....Contact Us: info@uglt.org..-->..<NotepadPlus>...<Native-Langue name="......." filename="georgian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;....."/>.......<Item menuId="edit" name="&amp;.........."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name="&amp;........"/>.......<Item menuId="settings" name="........"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name="......."/>.......<Item menuId="Plugins" name=".........."/>.......<Item menuId="Window" name="......."/>......</Entries>........<!

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\german.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):106874
                                                                                                                                                                                                                Entropy (8bit):5.299854656740734
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:y0+8JU25ypvVpz10995hdRfLveg+Qbp0Jq6p/Q0Fm0S//p/ZehGvA0KMuUbiJBvm:yz4UtpvVprfWehGY023R+1
                                                                                                                                                                                                                MD5:2AEFF8F5B670E417E0F1D7FCA48C2419
                                                                                                                                                                                                                SHA1:8869D8784FAEC718780B5DE7B852136524CA0152
                                                                                                                                                                                                                SHA-256:8059CA219BB3E92EBE9947B4F062CD633C586E51465D1C2F33998B918B5AF75D
                                                                                                                                                                                                                SHA-512:81AFB9384F07CC4EBB707AB135E849A8AF8412773CBD44818A1D62FF7B7A2A3E3D7155E766798C78B979B636F1A0B35DE62C5845C35F7A1C6F498F413E61EE86
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation......German localization for Notepad++.....Please report errors, suggestions etc. here: https://github.com/notepad-plus-plus/notepad-plus-plus/issues...Check actual pull requests here too: https://github.com/notepad-plus-plus/notepad-plus-plus/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+german.....The most recent version of this file can usually be downloaded from:...https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/german.xml...or a copy at: http://www.should.keepfree.de/N++/german.xml.txt (rename to german.xml)..-->..<NotepadPlus>...<Native-Langue name="Deutsch" filename="german.xml" version="2024-09-08"> basiert auf english.xml 8.6.9 vom 07.09.2024 -->..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\greek.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):100697
                                                                                                                                                                                                                Entropy (8bit):5.558193119546212
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nxG8X7bWwfkgAIk9gb39bhhccJ/+TKRWUZQcne0i3pse:ZJkxelhpJGrUZQ6Wv
                                                                                                                                                                                                                MD5:2A0ADF6DF6B924E5D7003F8FED0C3B54
                                                                                                                                                                                                                SHA1:4427D1AED4D92820AC33F9005295EF8CB69D0B9D
                                                                                                                                                                                                                SHA-256:8A628F5E28C91BF687196ABB82C409F39636030DD10D1B5FD820F065B1C21F47
                                                                                                                                                                                                                SHA-512:0695A03AAF7FC54891FDCC7C5E5D28A18980AC894BC00FBF7D780B510D5C6CF9F2406FE0BF4BD09E0EA64AA08AD2490D7FE925A87FDB536ED818613AB455842E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Greek" filename="greek.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;......"/>.......<Item menuId="edit" name="&amp;..........."/>.......<Item menuId="search" name="..&amp;...."/>.......<Item menuId="view" name="&amp;......."/>.......<Item menuId="encoding" name="&amp;............"/>.......<Item menuId="language" name="&amp;......"/>.......<Item menuId="settings" name="..&amp;......."/>.......<Item menuId="tools" name="........"/>.......<Item menuId="macro" name="..........."/>.......<Item menuId="run" name="........"/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="........"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-autoCompletion" name="........-...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\gujarati.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):58338
                                                                                                                                                                                                                Entropy (8bit):5.132716889380602
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:hIQwQW88hJiMVEjeS3ekzECKDtgLkO868WiEJx/y+110vYMhKlLeo3TWD8e:hlwQW88hGjen7nDtPdc/3Tk8e
                                                                                                                                                                                                                MD5:B6118285C78BD4F73A5F746EDDC5B394
                                                                                                                                                                                                                SHA1:83AF9AACAB02F22A9A72632D2B0A9CB81BA01784
                                                                                                                                                                                                                SHA-256:B1F499CB892A06F434216FA9B4078D295B8B4AE3620692CA2F619027354E9342
                                                                                                                                                                                                                SHA-512:1B2916B88037DF58242B131A02B5439C2C16EAA4FC2CB9E89A49A4CD666500631D88857C73CD0F85EE9D1749FE786B5B1AD7B454D2ED86F4EB99AC38B585D017
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="......." filename="gujarati.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;...."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="......"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="...... ...... ...."/>.......<It

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\hebrew.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):21191
                                                                                                                                                                                                                Entropy (8bit):5.101733028860273
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/gq+f7e7Igm0PuyosNiC2tGJReu9u72ZgqAf:/gqu7e7Igm0PisdKG6u22ZgqAf
                                                                                                                                                                                                                MD5:C972D84A73ABCABCFB5ADBF8AEDBC26A
                                                                                                                                                                                                                SHA1:756A8B13563D9FD187297F3CB644A733E3A6C716
                                                                                                                                                                                                                SHA-256:E0E03A613B39999AE7C909AD25A8D1D60360507FDBD800E1608203825B1BD64F
                                                                                                                                                                                                                SHA-512:1ACE8A5544505B93515D15E96492B5A3CBAA6E72248983A4938D57F81FAD981952ACEBA46765738F9688B4BF2B65D5806454C07BE51218D484E4308BC1401F74
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Hebrew" RTL="yes" editZoneRTL="no" filename="hebrew.xml" -->...<Native-Langue name="Hebrew" RTL="yes" filename="hebrew.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;....."/>.......<Item menuId="language" name="&amp;..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\hindi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):97226
                                                                                                                                                                                                                Entropy (8bit):5.118565425293853
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:vlW/m2zaTDLzXEDk6ZL2RV0gcH+FiXQXvejb0A2p4fe:vI/m6aTDLzXEw6ZLCxceFiXKp4fe
                                                                                                                                                                                                                MD5:B6034AAB105540F785639BF9BC25328A
                                                                                                                                                                                                                SHA1:95D6E36D957C9FD6CAC9EC2C390D13570F2AE8AD
                                                                                                                                                                                                                SHA-256:ABEE28492CFEFABFC588B7AD72346E1D5EEEFF58DBD79A61664F12C06175CCF3
                                                                                                                                                                                                                SHA-512:5E543E7B6A6861099A5AB1E54F22FD5078B68A28B406DCA2DF8AC85321D1C1E68D54081595313472863E6025DD9722A8928E46C260835EC9DC2865324EAB8198
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ...::Hindi language file for Notepad++ ::.....** created By:- Rathin A. Dholakia **....Email- rathin2j@gmail.com...** Last Updated on 22/10/2019 by Rajendra Singh (singh.rajen15@gmail.com) **..-->..<NotepadPlus>...<Native-Langue name="......" filename="hindi.xml" version="7.8.1">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;...."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="tools" name="....."/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" nam

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\hongKongCantonese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):98768
                                                                                                                                                                                                                Entropy (8bit):6.1851880660719125
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nv7e4F9GAGQJZ9D13FZDlRf8QDhjpqJmrxHpNBeme:nDe4uAGQbVZrDf88jpq41pVe
                                                                                                                                                                                                                MD5:0C8E04033C6B06C7C62D58CD2C0AE1B6
                                                                                                                                                                                                                SHA1:616DD72C0A1C774C3D4EB483B215E55E3034C16D
                                                                                                                                                                                                                SHA-256:2DC2CB5CE2D7E0824F6632DCD641E59C5E974EB698AAC90D87DCAE701D1EF49F
                                                                                                                                                                                                                SHA-512:8AA995C3BAB573311BBC01D33DC4916A51E86A9DC0835BF136A7DB06F7396ADEB3ACD1E9BC18EE6EF0D7A901FEDBE547C2CE500E059185C1CF01FA26021E05B7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="....." filename="hongKongCantonese.xml" version="8.5">.... //.. This localization project is maintained by real Hongkongers who speak native Hong Kong Cantonese... Welcome issues and pull requests in Github repository:.... https://github.com/Edditoria/notepad-plus-plus-localization-hong-kong.. //-->....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="..(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name=".(&amp;S)"/>.......<Item menuId="view" name=".(&amp;V)"/>.......<Item menuId="encoding" name="..(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="..(&amp;O)"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\hungarian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (355), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):90006
                                                                                                                                                                                                                Entropy (8bit):5.408163920431674
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:2ZdVfWMW4g9MPFsEx8DoE5Xmw0HWdmsappaxj2S3y/JpejeFc9o2pZ0He:2Rs3ESDo0mlHSTxj2SiYeFctpZ0He
                                                                                                                                                                                                                MD5:C95988ECF9D6474A0F6705FC415297CC
                                                                                                                                                                                                                SHA1:A77CEC6B0B6A95887DA7EB47F87ED2AA70353144
                                                                                                                                                                                                                SHA-256:A4DA3852E057A4B4DCB3ACCFB68D80ADD7DCF2486FA5153172DB641A66BEA21B
                                                                                                                                                                                                                SHA-512:D971D6918738FB0766286B384DC1B169D5B7C8EF3EC471107AC80D0A5D9726A6149474FEA377CB0C6B65A774D8E598304EDD1E9C15F9AAA9BFF681051D6D3F1B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Hungarian Language created by Gy.rgy Bata -->.. Email: batagy.ford kukac gmail pont com -->.. Webpage: http://w3.hdsnet.hu/batagy/ -->.. Forum topic: https://notepad-plus-plus.org/community/topic/80/hungarian-translation-->.. Prohardver topic: https://prohardver.hu/tema/re_notepad/friss.html -->.. For Notepad++ Version 8.4.3, modified on 2022.07.05 -->..<NotepadPlus>...<Native-Langue name="Magyar" filename="hungarian.xml" version="8.4.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;F.jl"/>.......<Item menuId="edit" name="&amp;Szerkeszt.s"/>.......<Item menuId="search" name="&amp;Keres.s"/>.......<Item menuId="view" name="&amp;N.zet"/>.......<Item menuId="encoding" name="K.&amp;dol.s"/>.......<Item menuId="language" name="Ny&amp;elv"/>.......<Item menuId="settings" name="&amp;Be.ll.t.sok"/>.......<Item menuId="tools" name="Es&amp;zk.z.k"/>.......<Ite

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\indonesian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (341), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):91292
                                                                                                                                                                                                                Entropy (8bit):5.2094762664397685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:mEbpmOFsdejE0pmVK7n47tarGKEbc2D73QlqImCSpytcyfi65p9elnf:mrLMn4JFPsqI1qep9elnf
                                                                                                                                                                                                                MD5:1832FA3BD729110D6D1769981DA581BD
                                                                                                                                                                                                                SHA1:052E6A10D5E919423D19B933BB0F58F9BE2DC134
                                                                                                                                                                                                                SHA-256:B5506F04476B3BF8F02D9A91A6729FD716C792EA5FDCF052F5E6F014DF14B11F
                                                                                                                                                                                                                SHA-512:D70BE8DAC904AB12686424594258834B8D5B746FAF4DE75314B43AE088E2D193C245906E6E266A67FC76C5E7C6C1F1347708B036834484A5523F690B26983680
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Indonesian Translation for Notepad++..Authors: Nicedward(7.5.5); Sahid A.Z.(8.5)..Last modified by Sahid A.Z. on 3/3/2023..-->..<NotepadPlus>...<Native-Langue name="Indonesian" filename="indonesian.xml" version="8.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Berkas"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="Ca&amp;ri"/>.......<Item menuId="view" name="&amp;Tampilan"/>.......<Item menuId="encoding" name="Pe&amp;ngodean"/>.......<Item menuId="language" name="Ba&amp;hasa"/>.......<Item menuId="settings" name="&amp;Pengaturan"/>.......<Item menuId="tools" name="&amp;Alat"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;Jalankan"/>.......<Item menuId="Plugins" name="P&amp;lugin"/>.......<Item menuId="Window" name="Jen&amp;dela"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\irish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):68111
                                                                                                                                                                                                                Entropy (8bit):5.232954902634097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nK+g7GzG1Qb5RURt15NHhoFXlJnMo4b967QNdnVe10fxehtpKe:n+cGOot1H6Fd4bjnVymxePpKe
                                                                                                                                                                                                                MD5:5214FDFDD8A105DC1DD4303D91405A62
                                                                                                                                                                                                                SHA1:A6FE600C88658EB803C5F03E6EB7159E18F42FA2
                                                                                                                                                                                                                SHA-256:483BA3D2FF4ED227E4AA1A77C8356C0F1AF43A49F1C211DA82B1B791132F4ADA
                                                                                                                                                                                                                SHA-512:D81D5D813E2AB36A65FFC58EBF88B77856F40607D41266F90F80EC7439F0B5727048C30FA97FD1C483F5D2E2F15D8038E288BB65B62555AB096034EDA5CD5EAB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Gaeilge" filename="irish.xml" version="7.8.7">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Comhad"/>.......<Item menuId="edit" name="&amp;Eagar"/>.......<Item menuId="search" name="&amp;Cuardaigh"/>.......<Item menuId="view" name="&amp;Amharc"/>.......<Item menuId="encoding" name="Io&amp;nchod."/>.......<Item menuId="language" name="&amp;Teanga"/>.......<Item menuId="settings" name="So&amp;cruithe"/>.......<Item menuId="tools" name="Uir&amp;lis."/>.......<Item menuId="macro" name="&amp;Macra"/>.......<Item menuId="run" name="&amp;Rith"/>.......<Item menuId="Plugins" name="&amp;Breise.in"/>.......<Item menuId="Window" name="&amp;Fuinneog"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Oscail an fillte.n ina bhfuil"/>.......<Item subMenuId="file-closeMore" name="D.n tuilleadh"/>...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\italian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105446
                                                                                                                                                                                                                Entropy (8bit):5.1618486106910675
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Jaffx+dDsM9eZL7irUn3/9p4HqPv/pCOm+Wmn+WmH4XpDWe:J4IiZL7iQn3/9eHcpCOm+Wmn+WmH45Dt
                                                                                                                                                                                                                MD5:361942EA08591E6CD0E30412AFDDB969
                                                                                                                                                                                                                SHA1:CC8FB37735BFE039706B900F1FD2F96EFF3F2F8C
                                                                                                                                                                                                                SHA-256:169E783E6800746946A737994196EC82A8EE064FDCA422457EBC0BC10C4B9411
                                                                                                                                                                                                                SHA-512:2EAA9B0F098B1A4274AD6F622F6E4DB5C356C4081B9608A7B8F07D313FDF467CD68F601D16749C5FD82411718508A4FA491A54091A1A09822C4B6C21B8760B3A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version = "1.0" encoding = "utf-8" ?>.. .. Italian translation for Notepad++ 8.7.0.. Last modified Sun, Jul 28th, 2024... For updates, see https://github.com/notepad-plus-plus/notepad-plus-plus/tree/master/PowerEditor/installer/nativeLang..-->.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Italiano" filename="italian.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Modifica"/>.......<Item menuId="search" name="&amp;Ricerca"/>.......<Item menuId="view" name="&amp;Visualizza"/>.......<Item menuId="encoding" name="Forma&amp;to"/>.......<Item menuId="language" name="&amp;Linguaggio"/>.......<Item menuId="settings" name=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\japanese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):111524
                                                                                                                                                                                                                Entropy (8bit):6.039553481431087
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:ya/5utmv8lMRUGcHpc35RBUJ9ywIaLct+LPXbRtfMpYe:yawtY0i35RBxpxtEPttEpYe
                                                                                                                                                                                                                MD5:434E558C1DAD65944E7849B6FAD885A0
                                                                                                                                                                                                                SHA1:316D8CEF944BCD831F177F237D98C4A72290ADAA
                                                                                                                                                                                                                SHA-256:859178752FCD6751A28E9773485A145316D796B4112F1BBBAE754A622900684F
                                                                                                                                                                                                                SHA-512:8FF5E14068CD71BD2AFB26DA480344AED67844F01DADA5DBEAE0BDE1DE4CAFA8FB8EFC095525AF44C5C443CC2F05F62D4FA73633705C077BF9742DB2FCF15272
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Japanese" filename="japanese.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="....(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name="..(&amp;S)"/>.......<Item menuId="view" name="..(&amp;V)"/>.......<Item menuId="encoding" name=".....(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="...(&amp;O)"/>.......<Item menuId="macro" name="...(&amp;M)"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<Item menuId="Pl

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\kabyle.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39980
                                                                                                                                                                                                                Entropy (8bit):5.122615821831661
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nPljcdJZQgZ5+Cio4z3ilzHBrDso3TWwe:n9mJZQgZ4Cio4z3i1D3Tte
                                                                                                                                                                                                                MD5:7C29F26D87D03E9E94AB58D599BFB5F7
                                                                                                                                                                                                                SHA1:88556FD0C1593A3A81DF2FE50CEA3621659E2EC5
                                                                                                                                                                                                                SHA-256:6146A5D85F5E87499BD68AA1BEB01735CCF8CBE18453D75CD2B67DB33C9558FF
                                                                                                                                                                                                                SHA-512:3C96AD60DF3EE008A4FD91A63DF76BBEF8C4EE0D8A68B5396782A18CE0A221E81A61B800258F8C22AFB342B64588A1DE160495BC7651FDE982D26431C98CE10E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Taqbaylit" filename="kabyle.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="Afaylu"/>.......<Item menuId="edit" name="Ta.rigt"/>.......<Item menuId="search" name="Nadi"/>.......<Item menuId="view" name="Abeqqe."/>.......<Item menuId="encoding" name="Asettengel"/>.......<Item menuId="language" name="Tameslayt"/>.......<Item menuId="settings" name="I.ewwaren"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Selkem "/>.......<Item menuId="Plugins" name="Plugins"/>.......<Item menuId="Window" name="Asfaylu"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Copy to Clipboard"/>.......<Item subMenuId="edit-indent" name="Asi.i"/>.......<Item subMenuId="edit-convertCaseTo" name="Err askil d"/>.......<Item subMenuId="edit-lineOperations" name="Ajerri."/>....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\kannada.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):62974
                                                                                                                                                                                                                Entropy (8bit):5.005322960704437
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nds15J09d5tPDnO1uzCtUgA3yceUCrUQL9nua1eWCfG0Jzh4lqeLeNNqnUJIeXr4:c9r4N2z355vDUTC
                                                                                                                                                                                                                MD5:AF854EA965ED05461D73705D8170CB39
                                                                                                                                                                                                                SHA1:908FD8455EC99DD6AAA8F598C97BBB68D7F1A9A8
                                                                                                                                                                                                                SHA-256:521B6DEE404684904F00C2F1484DD417CB756231564E38389269C476133FAAD8
                                                                                                                                                                                                                SHA-512:B7756244E7E9D14095627391574BAD608CF1D122A023E5CE65F2805549433F4C1355AA0E12028F99F6026F0014FB2BECF44608F772304D6F3BC1A23CC9427C51
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="....." filename="kannada.xml" version="6.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="....."/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="...."/>.......<Item menuId="encoding" name="..........."/>.......<Item menuId="language" name="..........."/>.......<Item menuId="settings" name="..........."/>.......<Item menuId="macro" name="........"/>.......<Item menuId="run" name="..."/>.......<Item menuId="Plugins" name=".........."/>.......<Item menuId="Window" name="....."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".... .........

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\kazakh.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):30859
                                                                                                                                                                                                                Entropy (8bit):5.360365511349026
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nDZzsjAak6AyylkdvUUntDb2nBVLdBvo4KwiV5/T1Dlrq+4fXg6ZtnWSZi/xDCM8:nNFxFwtDbYLdB3fXg6BZoxgJk7BG
                                                                                                                                                                                                                MD5:C903171B671384DE9E882529CA8997F5
                                                                                                                                                                                                                SHA1:EB513B55ECE604E896C8DE14FFC57E2FD3F15A4A
                                                                                                                                                                                                                SHA-256:F24D7AD3574EA5D218EFA0F847AC68964AAC5C9E33CF853AB779BA3E0FE04C5E
                                                                                                                                                                                                                SHA-512:96061B6F5B525B47B3CE7479D358BCBBC1DCC7B4A035BCD31F03D5FD6D4F54274EFAD37FFBED67ABD0B591E6372AA14B2F66E6CD35CE6C174B80ABF2EA3F04FF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="......." filename="kazakh.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="....."/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="......"/>.......<Item menuId="language" name="............. ..."/>.......<Item menuId="settings" name="......"/>.......<Item menuId="macro" name="........."/>.......<Item menuId="run" name="...."/>.......<Item menuId="Plugins" name="..........."/>.......<Item menuId="Window" name="......"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="...... .......... ......"/>.......<Item subMenuId="edit-indent" name="......."/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\korean.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML document, Unicode text, UTF-8 text, with very long lines (853), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107228
                                                                                                                                                                                                                Entropy (8bit):6.020332164940584
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:2eNagRfjxTZb+wJzfD9KHukB83GcwZi4L/LpcyKy4gkHeuuPCoBxpIpe5nuRe:218LxNb+wJfD9KHuDoai4NBmPIId
                                                                                                                                                                                                                MD5:51AD38414C909A2F2917A774C2AA9FAC
                                                                                                                                                                                                                SHA1:19843EC8C4A7F42D99B40A47C9D0B46255C6D129
                                                                                                                                                                                                                SHA-256:3654D94AE16C69BEA140113F6260895E9E2EA5AF085E7C9E8F97F79DCA60FF42
                                                                                                                                                                                                                SHA-512:D618A4CAF18064C66BBFA65707B0F5FEB8B2413F7DD7E991D4FB6B70057719F2ED76E6EFCD5CB91371F8C270A9EFF5F96AC6B11018C39587DFD4658297A01CC1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version = "1.0" encoding = "utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->.. .. <localization work version="7.8.1~8.6.9" nick="Sapziller" name="ByungJo Yoon" mail="yunbj@naver.com"/> <localization work version=6.5.3~7.4.2 name="..." mail= "domddol@gmail.com"/> <localization work version=1 and 6.1.5 nick= "taggon" name= "Taegon Kim" mail= "gonom9@gmail.com"/> <localization work version=2 nick= "" name= "JiHui Choi" mail= "jihui.choi@gmail.com"/> <localization work version=5.4R2 nick= "DreamFactory7" name= "JongPil Kim" mail= "kmshts@naver.com"/> <localization work version=4 nick= "Sapziller" name= "Byungjo Yoon" mail= "yunbj@naver.com"/> <localization work version=5.8 nick= "DreamFactory7" name= "JongPil Kim" mail= "kmshts@naver.com"/> <localization work version=5.9

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\kurdish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):50092
                                                                                                                                                                                                                Entropy (8bit):5.474812541374722
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:59XADKjzwG9bPGbQ4JzXhcBjHK7XqIm+rreXo4QC+e:59XAW3OsHUXUk4Qne
                                                                                                                                                                                                                MD5:9D0BE6BA275FB681D47561D2E03F14AB
                                                                                                                                                                                                                SHA1:911491E5B8525C291631EB07ABE026E9728973D0
                                                                                                                                                                                                                SHA-256:95EC78005291AE3736136F5D6CBB4CDA4EC79DF4C35DBBC2F7625AE9A513FE40
                                                                                                                                                                                                                SHA-512:30CAA1EB59E94CB61DA64073B3A2DECF131A78F0C519C8E1B834DFDC2D84F9FB39C0C9E230DD48C7216853B26AD831A1BEE1A878E602C489789BD7B969D63441
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="....." RTL="yes" editZoneRTL="no" filename="kurdish.xml" version="7.5" -->...<Native-Langue name="....." RTL="yes" filename="kurdish.xml" version="7.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;....."/>.......<Item menuId="edit" name="&amp;........"/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\kyrgyz.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32805
                                                                                                                                                                                                                Entropy (8bit):5.430521744755845
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:G7C0CVWhfkQKoYW3zRrCOwvENkZgZCA2VdTO1KiL:G7wVyYfEtZCExL
                                                                                                                                                                                                                MD5:561BEA9397B5A0E3F27BBC8B941EDD0B
                                                                                                                                                                                                                SHA1:E913B58C1FC1DB8F342D0228B97E58885AAD8EF6
                                                                                                                                                                                                                SHA-256:A7DB585F7FA93A803AA8FCC5F9F20F88E1CBAC7E44200F8BF03D56B3426C3FF6
                                                                                                                                                                                                                SHA-512:4948373CFF4A9B98650DACCD0486B82AB3F0A3E9724B0E5933409E53E30D81450CB11D8EC34CFF15C028C1207F60F30EE168CDD3C7318125EF0E9DA652238825
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Kyrgyz translation made by: -->.. Murat Jumashev <murat@crm.kg> -->.. Last update (5.6.8): 23:58 22.03.2010 -->..<NotepadPlus>...<Native-Langue name="........" filename="kyrgyz.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name=".&amp;...."/>.......<Item menuId="view" name="&amp;......."/>.......<Item menuId="encoding" name="&amp;.........."/>.......<Item menuId="language" name="&amp;........."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="&amp;........."/>.......<Item menuId="run" name="&amp;....."/>.......<Item menuId="Plugins" name="..&amp;........"/>.......<Item menuId="Window" name=".&amp;........"/>......</Entries>........ Sub Menu Entries -->......<SubE

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\latvian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):44880
                                                                                                                                                                                                                Entropy (8bit):5.241742723279163
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:RMnu5CiTEyR1KIL8fkvvuFvMNEERjIaH7U6HOe:RIu5FEyR1KIL8fkvGCKERj9Nue
                                                                                                                                                                                                                MD5:E0A5C3BAB1C84402E1541D5DA836122C
                                                                                                                                                                                                                SHA1:1CE66BEA0B941A7850B447936BD50E93830DC1FB
                                                                                                                                                                                                                SHA-256:91DC2682D7B8ADC2901CCC23654AF85778D38589C8C4B9BEE650F2BB46AB08C1
                                                                                                                                                                                                                SHA-512:B1C99E43FFB736BE1F033EE5B9B022679ADA091431466708BBAF01A3730981B39057244C24A38262A744CC27FF1F1D3C50479884ADEC3B9B07ED7EE0418F0196
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Translated by Arvis L.cis (http://twitter.com/arvislacis) v10.7.8 -->.. Aditional translations by K.rlis Kalvi.kis (eko@lanet.lv) 2014.12.16. -->..<NotepadPlus>...<Native-Langue name="Latvie.u" filename="latvian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fails"/>.......<Item menuId="edit" name="&amp;Labot"/>.......<Item menuId="search" name="&amp;Mekl.t"/>.......<Item menuId="view" name="&amp;Skats"/>.......<Item menuId="encoding" name="Ko&amp;d.jums"/>.......<Item menuId="language" name="&amp;Valoda"/>.......<Item menuId="settings" name="Ies&amp;tat.jumi"/>.......<Item menuId="macro" name="&amp;Makrokomandas"/>.......<Item menuId="run" name="&amp;Palaist"/>.......<Item menuId="Plugins" name="Spra&amp;ud.i"/>.......<Item menuId="Window" name="&amp;Cilnes"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\ligurian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28597
                                                                                                                                                                                                                Entropy (8bit):5.095388791074348
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:7x6QKfeUN2VqPwM6cMxzc+2IQEN/jZraT4BLFZpKPdae:7x6QKxopQ6l7Ike
                                                                                                                                                                                                                MD5:1A2066B01589FDA1B8F591191D8DAB8F
                                                                                                                                                                                                                SHA1:BB2247F5212DE96EDEAB038BAD9D6C23E1478117
                                                                                                                                                                                                                SHA-256:4029DB6EC20C115F3F475EF1862DE5EA5C04D37ABFD64FC904175C560B587B7B
                                                                                                                                                                                                                SHA-512:1AB0CF1B162004EB6C29F0B593BB4F1240149888D83685AFA7CD6CB6DED1E5E4FF030BC5C6519B0CF97A94CC68C365E27E7D837752B24F80A4682E8A4A5669EE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Ligurian translation for Notepad++ 5.8.6...Last modified Sat, February 26th, 2011 01:00 GMT by GENOVES.com.ar...Please e-mail errors, suggestions etc. to info(at)genoves.com.ar....-->..<NotepadPlus>...<Native-Langue name="Zeneize" filename="ligurian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Modifica"/>.......<Item menuId="search" name=".&amp;erca"/>.......<Item menuId="view" name="&amp;Veddi"/>.......<Item menuId="encoding" name="For&amp;mato"/>.......<Item menuId="language" name="&amp;Lengoaggio"/>.......<Item menuId="settings" name="I&amp;nposta.ion"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Ezegoi"/>.......<Item menuId="Plugins" name="Plugins"/>.......<Item menuId="Window" name="Barcon"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToCli

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\lithuanian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):61966
                                                                                                                                                                                                                Entropy (8bit):5.29257393820577
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:HX/MSN8cl/3xovEBy3J5pLYSTMBmvzDjsEAwOGcMu2Jfe:HvMOvl/xovEBiJ5pLYSThzP1cb2Jfe
                                                                                                                                                                                                                MD5:F95613E520ABD99AFDA450CBB267D7DF
                                                                                                                                                                                                                SHA1:2409917588C0E756397CDE59F2C976535F9EB91F
                                                                                                                                                                                                                SHA-256:FDE9551FFCD4C6F10BEFA19855E51DD7871035612ADDB3E8EFF0A48A7A1C17DB
                                                                                                                                                                                                                SHA-512:F62CFF1BD1877ACDF2BE87CB9C756A39E9D6A5615F556ADB98A223CC2C132B98DBEA6AF648695ECCE340645C13DC755101940B95BEB26068860772C51056A41E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. .. Lithuanian localization for Notepad++.. =====================================.. 2012.11.05 - v. 6.2 - Dmitrijus Skun.ikas (dmitrijus.skuncikas@gmail.com).. 2018.07.11 - v. 7.5.7 - Andrius Burokas..-->..<NotepadPlus>...<Native-Langue name="Lithuanian" filename="Lithuanian.xml" version="7.5.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Failas"/>.......<Item menuId="edit" name="K&amp;eisti"/>.......<Item menuId="search" name="Pa&amp;ie.ka"/>.......<Item menuId="view" name="&amp;Vaizdas"/>.......<Item menuId="encoding" name="&amp;Koduot."/>.......<Item menuId="language" name="Ka&amp;lba"/>.......<Item menuId="settings" name="Nu&amp;statymai"/>.......<Item menuId="tools" name=".&amp;rankiai"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Palei&amp;dimas"/>.......<Item menuId="Plugins" name="&amp;Papildiniai"/>.......<Item menuId="W

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\luxembourgish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23279
                                                                                                                                                                                                                Entropy (8bit):5.162321849349043
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:bbSNxq09IoqHMHGgdzLyKIi3a52vuPJOXT0Gjc0J75uemt1eZ4Joge:bb7/xoXQiy2vsJOXT0wdG9e
                                                                                                                                                                                                                MD5:870632CE7CA82F2AE0FB149654B281BC
                                                                                                                                                                                                                SHA1:B91A5B7CA8C1AFF961741F852FED4E8A5DD7381D
                                                                                                                                                                                                                SHA-256:9E3366FE5A1B98C6FB3B18CBC51344A91EA62C42F3CA7561CCA9EDA8B88F126B
                                                                                                                                                                                                                SHA-512:BD27FAF1990D0D57561543BFC0406E18A2BD2536035C2372B71EF3A6C3129947102D17AE4030F354413B5267E3519B130A6A7B0DBCFEDACFFA9E53DC8E0EC5F6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Luxembourgish translation for Notepad++ 5.1....Last modified 02 December 2008 by Steve Gengler...-->..<NotepadPlus>...<Native-Langue name="L.tzebuergesch" filename="luxembourgish.xml">....<Menu>.....<Main>...... Main Menu Titles -->......<Entries>.......<Item menuId="file" name="&amp;Datei"/>.......<Item menuId="edit" name="&amp;Beaarbechten"/>.......<Item menuId="search" name="&amp;Sichen"/>.......<Item menuId="view" name="&amp;Usiicht"/>.......<Item menuId="encoding" name="&amp;Format"/>.......<Item menuId="language" name="S&amp;prooch"/>.......<Item menuId="settings" name="&amp;Astellungen"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Ausf.ie&amp;ren"/>.......<Item menuId="Plugins" name="Er&amp;weiderungen"/>.......<Item menuId="Window" name="F.&amp;nster"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Te&amp;xtbl.ck opmaache

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\macedonian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):31159
                                                                                                                                                                                                                Entropy (8bit):5.207326616302606
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:l66L/IpjNDqqGAoohURHvbTfiiTr6UPfGwW8zLojmwe:l66L/lAe16iFNLoCwe
                                                                                                                                                                                                                MD5:6A14D4A5652CCB9E39372A208AEFEC63
                                                                                                                                                                                                                SHA1:08C3DC749D50E7C56447EA17A4388D3B9DE86875
                                                                                                                                                                                                                SHA-256:A81ACE4F3EDECCCF81497CBD60277C0399B2709B6AF19123602AF023731C2466
                                                                                                                                                                                                                SHA-512:AE9496DF0105D7041995D03295E532CFF12126DD8DCD3A1A16C66F8C5217C0599965D297618F1FA16DECF2955BD497EA3972538D434886CD7A7A1BEE2CF26E54
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Macedonian localization for Notepad++...Last modified Wednesday, November 11th 2009 18:06 GMT by Kiril Sardjoski....Please e-mail errors, suggestions etc. to kiril.sardjoski(at)gmail(dot)com...-->..<NotepadPlus>...<Native-Langue name="Macedonian" filename="macedonian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;........."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;......"/>.......<Item menuId="encoding" name="...&amp;..."/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name="..&amp;........"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="......"/>.......<Item menuId="Plugins" name="Plugin-..."/>.......<Item menuId="Window" name="........"/>......</Entries>........<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\malay.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20895
                                                                                                                                                                                                                Entropy (8bit):5.011699137451405
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:oIlkZbl3LlMvw/OEu00qWDVNnvdiV3pqI2Z6ysqYSegTwmk0ucBBk+iLnvt4stI0:o3NYwOEzpqIjIebFD9ypYlkPEyqL
                                                                                                                                                                                                                MD5:532C7AF28D5DEFDFCC35CBD5DF57068C
                                                                                                                                                                                                                SHA1:B80AF39DE9F750B52DDDA274D43BBE71F3B233B4
                                                                                                                                                                                                                SHA-256:758BA8E78218870974052B4AA90AD746D396BF42AF2B886D73271156CDFF3B3E
                                                                                                                                                                                                                SHA-512:E398C58C9B88EEE2D164395FDF8092B18FDBA83627A5CF512C0FDB9E995C4CBFB5AD7D4F91FD97DE83F55EE4B465A8AAE64411FCD92619A3511DE887BA629ABF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<NotepadPlus>... ..Author: Andi Rady Kurniawan..Date: 12 October 2008..Desc: Malay translation for Notepad++..-->...<Native-Langue name="Bahasa Melayu" filename="malay.xml">......<Menu>.......<Main>...... Main Menu Entries -->........<Entries>.......<Item menuId="file" name="&amp;Fail"/>.......<Item menuId="edit" name="&amp;Sunting"/>.......<Item menuId="search" name="&amp;Carian"/>.......<Item menuId="view" name="&amp;Pandangan"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Bahasa"/>.......<Item menuId="settings" name="&amp;Ketetapan"/>.......<Item menuId="macro" name="Mak&amp;ro"/>.......<Item menuId="run" name="&amp;Jalan"/>.......<Item menuId="Plugins" name="Plu&amp;gin"/>.......<Item menuId="Window" name="&amp;Tetingkap"/>......</Entries>...... Sub Menu Entries -->........<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Lipat peringkat"/>.......<Item subMenuId="view-uncollapseLevel" name="Bentang peringkat"/>.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\marathi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40355
                                                                                                                                                                                                                Entropy (8bit):5.09165606968306
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:MOyQ7xsgRQF7cUdzlaKTmG5qxyOy3sEDon1ZjvnnDbnQke4VUXFe:MOvxsgRafOFvnDLQR4VSFe
                                                                                                                                                                                                                MD5:F86D652A046B9C0E32268CAD01F7D6F8
                                                                                                                                                                                                                SHA1:708626A4F92FC89459761CE176655F293C0C43CD
                                                                                                                                                                                                                SHA-256:E2822D05B0B51348F828B1EE10920ADF231795FCF43CE446FB070B927AF86DA8
                                                                                                                                                                                                                SHA-512:C61F802AD1A84C703F769DF298436F7A9C3DAC1559AC6438D9CF17C5FB23C8DCC4931F84B6CCBA49B059B457E3FD93CBE9B498C4B72814DDDC588CAB4D70236B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ...::Marathi language file for Notepad++ ::.....** created By:- Nikhil Tamhankar **....Email- iamnik.mailme@gmail.com.....**modified by:kumar gagare....Email-kumargagare1@gmail.com....-->..<NotepadPlus>...<Native-Langue name="....." filename="marathi.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;...."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name=".....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\mongolian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):52955
                                                                                                                                                                                                                Entropy (8bit):5.3852573973702675
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nIW4V+JXRmmXgdIQx8WsMRfIBqfRXbPusk1oPmBzfW6dJJz76OeF2Xqjqsaxcsg0:nIW5tiRXbPkEmBzfW6dJx62Xq+vcyX7L
                                                                                                                                                                                                                MD5:325B4D42F0CBF67D0ED309CF40014FC9
                                                                                                                                                                                                                SHA1:46ECA7E15944F80F48DE1A644B27F9F5D8FFA49D
                                                                                                                                                                                                                SHA-256:960E38B757BBE9EEDD1106E4FCA9A5315E7C635FAFB99E2E462225F6A5C1393C
                                                                                                                                                                                                                SHA-512:87701F28E5968BDB48593B1E0ADC56C6468017EF3408F1F24F9E6922830DD2A1C355A9E83A28C53E9025FA44C622DABADE1653F93FF1A9EB6D9D7D2F85E287B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Mongolian" filename="mongolian.xml" version="6.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name=".&amp;...."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name=".&amp;.."/>.......<Item menuId="settings" name="&amp;........"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name=".........."/>.......<Item menuId="Plugins" name="........."/>.......<Item menuId="Window" name="...."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-OpenFolder" name="...... ... ....... ...."/>.......<Item subMenuId="file-CloseMore" name=".... .....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\nepali.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107727
                                                                                                                                                                                                                Entropy (8bit):4.982262018791112
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nu+A5xJtuL8rYo5CK3WtJFtzWfpvKVpNL:Q5FYMCK3WtJFtzWfpvKLJ
                                                                                                                                                                                                                MD5:5389F6E8EF24696BCAFB7588B71956D3
                                                                                                                                                                                                                SHA1:4A3BF52147FCA77EA377346058613AF5FFACD254
                                                                                                                                                                                                                SHA-256:5A46D64CE256EFE3171EEDDA4FF79424EE77178783597C36172F18DAB983AD79
                                                                                                                                                                                                                SHA-512:2A1F8518D10ADF5ABE8B9F39FD62A7E793AC3777122D7EA8B3D85360D90AC1D8597C7E89EA349BB87C53255D451AE44AEAB37AE8504A511143B68BCEA22821D4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Nepali" filename="nepali.xml" version="7.8.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....... ........."/>.......<Item menuId="search" name="&amp;.........."/>.......<Item menuId="view" name="&amp;.........."/>.......<Item menuId="encoding" name="......."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="........"/>.......<Item menuId="tools" name="........"/>.......<Item menuId="macro" name="&amp;........"/>.......<Item menuId="run" name="&amp;.........."/>.......<Item menuId="Plugins" name="&amp;........."/>.......<Item menuId="Window" name="&amp;......"/>......</En

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\norwegian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):98405
                                                                                                                                                                                                                Entropy (8bit):5.237045882890593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yxIIIwsK5o6mrmAjZqlIWHKhA6EHuoU1XTiwAp4ds032zpzzhbNR70s0UyfzF2OK:yxPIw4z5fLPAUAhbHdy7F2+Z4SnspPf
                                                                                                                                                                                                                MD5:34A31DFDBDFE0EE8F2E9753D43DFD518
                                                                                                                                                                                                                SHA1:D6F9DFF880380A93D3DEFB0747BEC1A3BD99C3E9
                                                                                                                                                                                                                SHA-256:4401640B2B925C81078AC5979763214B60C4CA21DFC2E921F9F732DE6CB24D26
                                                                                                                                                                                                                SHA-512:78E59C81FDDA7869D5F02325CF90B62204E904395BB96B97751216EFF44A5133461186C81D6D8F2D7E543C08D78A67616C2445CCD1DDE6A58179CBBAA6EDCE4B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation.....- Translated by Njardarheim-1337 (njardarheim@protonmail.com)....-->..<NotepadPlus>...<Native-Langue name="Norsk" filename="norwegian.xml" version="8.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fil"/>.......<Item menuId="edit" name="&amp;Rediger"/>.......<Item menuId="search" name="&amp;S.k"/>.......<Item menuId="view" name="&amp;Vis"/>.......<Item menuId="encoding" name="F&amp;ormat"/>.......<Item menuId="language" name="S&amp;pr.k"/>.......<Item menuId="settings" name="&amp;Oppsett"/>.......<Item menuId="tools" name="Verkt.y"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Kj.r"/>.......<Item menuId="Plugins"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\nynorsk.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):31923
                                                                                                                                                                                                                Entropy (8bit):5.0984124276087055
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nyt02Wmq4z3dJyQd6INoxCruLMdL0sWO8gadV/3H/e:nyt5e/DxvB/3fe
                                                                                                                                                                                                                MD5:FD537E7770AA814C138A92D36DAF9AA9
                                                                                                                                                                                                                SHA1:201B36C3BBC158D0D56697CC60316DB46B7742FC
                                                                                                                                                                                                                SHA-256:2512B231EB72F50029A3EF9C15AAE911C2D9F75E62831C0D577E00D4B961F689
                                                                                                                                                                                                                SHA-512:C9144713F018933687A0E1B0956061008BE9F0B423F517A11CA899641B0FEF26BB482821BD7AC651E5965898929385E91B7716157C5F4732CEB945259CAD549F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Norsk-nynorsk" filename="nynorsk.xml">...... Omsett av Thomas Bernes 2008-12.. thomas.bernes@gmail.com -->......<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fil"/>.......<Item menuId="edit" name="&amp;Rediger"/>.......<Item menuId="search" name="&amp;S.k"/>.......<Item menuId="view" name="&amp;Vis"/>.......<Item menuId="encoding" name="&amp;Teiknkoding"/>.......<Item menuId="language" name="S&amp;pr.k"/>.......<Item menuId="settings" name="&amp;Innstillingar"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="K.yr"/>.......<Item menuId="Plugins" name="Programtillegg"/>.......<Item menuId="Window" name="Vindauge"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Kopier til utklippstavla"/>.......<Item subMenuId="edit-indent" name="Innnrykk

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\occitan.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60789
                                                                                                                                                                                                                Entropy (8bit):5.173413597495489
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nc+kAtQxGckJpgWZUO+x9kBsiYfHA6KCDhLfi3hDe:nlkAeG9JCWZUOMimANCDhLfi3Ve
                                                                                                                                                                                                                MD5:4F676E15B99B28E3EE20414D953F4FF7
                                                                                                                                                                                                                SHA1:222F500D84D5F7BE43FCFA3D07D9369B3580887D
                                                                                                                                                                                                                SHA-256:BE14747EC4C7CA2C2CCA241096DC09AA694118D3EFEE5C1D8561CB2843C1F762
                                                                                                                                                                                                                SHA-512:F86DCD6218BCC0B5E93D4F76FAF2CA582437DA8D90166C7B9B4781D236CB526A1A0FDE9EB6E68F077F617A1FC435259BD9E1EF833F814857552CCF042CA09544
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Occitan" filename="occitan.xml" version="7.5.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fichi.r"/>.......<Item menuId="edit" name="&amp;Edicion"/>.......<Item menuId="search" name="&amp;Recercar"/>.......<Item menuId="view" name="&amp;Visualizacion"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Lengatge"/>.......<Item menuId="settings" name="Param.&amp;tres"/>.......<Item menuId="tools" name="&amp;Aisinas"/>.......<Item menuId="macro" name="Macr."/>.......<Item menuId="run" name="Executar"/>.......<Item menuId="Plugins" name="Ajustons"/>.......<Item menuId="Window" name="Fen.stra"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Dobrir lo dorsi.r parent"/>.......<Item subMenuId="file-closeMore" name="Tampar mai"/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\piglatin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (500), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):64425
                                                                                                                                                                                                                Entropy (8bit):5.122167087440154
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:BSJ3T6TLxkSwCMKqUPZJT8XImImvImY6RUv2gfiBxJySJkosme8qe:ByiqUxL0Jsmete
                                                                                                                                                                                                                MD5:5CCC6088975F5B152F5FF52C26392E4F
                                                                                                                                                                                                                SHA1:C9EBDE1AFC557E357F1866262AF93A7B8E45519B
                                                                                                                                                                                                                SHA-256:20B94B853014B63E6FCD2F6E788DF991E95C3461F40999CD995424815A0FE26B
                                                                                                                                                                                                                SHA-512:B909E88850F38C56D76CCBAA0EF2817AE3A6C9BDFB87E5A8B8773675A04AE8888A95946DF49A0A5EDC0B43566EA49BB95F8A2E7513EA69EE95642D1FA6AC9745
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>..<NotepadPlus>...<Native-Langue name="Pig Latin" filename="piglatin.xml" version="7.5.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="Ile&amp;fay"/>.......<Item menuId="edit" name="&amp;Edityay"/>.......<Item menuId="search" name="Earch&amp;say"/>.......<Item menuId="view" name="Iew&amp;vay"/>.......<Item menuId="encoding" name="E&amp;ncodingyay"/>.......<Item menuId="language" name="Anguage&amp;lay"/>.......<Item menuId="settings" name="E&amp;ttingssay"/>.......<Item menuId="tools" name="&amp;Oolstay"/>.......<Item menuId="macro" name="Acro&amp;may"/>.......<Item menuId="run" name="Un&amp;ray"/>.......<Item menuId="Plugins" name="Ugins&amp;play"/>.......<Item menuId="Window" name="Indo&amp;wway"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Openyay Ontainingcay Olderfay"/>.......<Item subMenuId="file-closeMore" name="Oseclay

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\polish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105621
                                                                                                                                                                                                                Entropy (8bit):5.4609029441291375
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:y/ct7yVpXu1+q25iD7BtnmlzRrasWoeiEzlNp7cUf:yDirnmPrafVoy
                                                                                                                                                                                                                MD5:82B56EC4DE7555AF7848512C3DD291B1
                                                                                                                                                                                                                SHA1:C2BE3B6F79D8B544CE1EA53E7B7FE39F8A3860B2
                                                                                                                                                                                                                SHA-256:842DDEF9E2F7B452C1123425A13B4EB95EC6125703AD8EC6E659E6DB96EB35E1
                                                                                                                                                                                                                SHA-512:D2B34F8C821897D39EC4CCA5216DB55C2E3DD375CD51085B10AAE78D2FF6CAC991BFB19C0665CAEFC2C527FFA84D6DA51CD19474C40DFB231030837586DD6D3A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->.. ...History of Polish translation for Notepad++:......- Updated by Arkadiusz Michalski (webref.pl) to version 8.6.9 (05.07.2024)....- Updated by Cezariusz Marek to version 7.8.3 (11.01.2020)....- Translated by Patryk Skorupa (ppskorupa@outlook.com) and up-to-date as of version 7.7.2 (29/07/2019)....- Translated by Piotr Kostrzewski (piotrkostrzewski2@@outlook.com) and up-to-date as of version 8.6.6 (02.04.2024).....The most recent version of this file can usually be downloaded from:....https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/polish.xml..-->..<NotepadPlus>...<Native-Langue name="polski" filename="polish.xml" version="8.6.9">....<Menu>.....<Main

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\portuguese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):108532
                                                                                                                                                                                                                Entropy (8bit):5.253245835804451
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:MWwF76oAW4Nc47CB6RMunUwwpAKC7lYNkTrE1pcm:tW46ICB6RDnUwwpAKC7lbArX
                                                                                                                                                                                                                MD5:4FECCCFF6C8B90A2A254D14FE79CF77E
                                                                                                                                                                                                                SHA1:4CF6428B974A53F8C079840292D84EB6EEDFFFFB
                                                                                                                                                                                                                SHA-256:EFB1249382B9D5B0BE4D1A009CB3D13966B303DA6B3C5305FD92FD56A7F4BF35
                                                                                                                                                                                                                SHA-512:49A6AB732D3432E14D430BD81E2D0224C3E1740ADC1B63B21202EB118FDEF4E8A1EE365FCC1B15C21135AD544C8C58CBD2203B8358F812724BB039B487A71583
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Nota de tradu..o:..1. Instale o plugin XML Tools para formatar a sua tradu..o XML. Atrav.s do comando do menu "Plugins -> XML Tools-> Pretty print - indent only"...2. Todos os coment.rios s.o de car.ter explicativo, n.o s.o de tradu..o...-->..<NotepadPlus>...<Native-Langue name="Portuguese Portugal" filename="portuguese.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Ficheiro"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="P&amp;rocurar"/>.......<Item menuId="view" name="&amp;Visualiza..o"/>.......<Item menuId="encoding" name="&amp;Codifica..o"/>.......<Item menuId="language" name="&amp;Linguagem"/>.......<Item menuId="settings" name="D&amp;efini..es"/>.......<Item menuId="tools" name="F&amp;erramentas"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecutar"/>.......<Ite

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\punjabi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59114
                                                                                                                                                                                                                Entropy (8bit):5.1965193223243
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:n1IuvFcT/8OA1dEe+zwB+mn8r9nA2EtHWy7qZ1NAyddb9W3TWv6LtnFlvFte:n1ID9wCdwBh6nMtHFqZ1NPzbo3TWKte
                                                                                                                                                                                                                MD5:13D4AA551F726F4040DE50E7C7A85E6C
                                                                                                                                                                                                                SHA1:49B8EFC18237FBDF631247C14DCDC0B45DAEF612
                                                                                                                                                                                                                SHA-256:A7AC38D31AF237BD77723AA3C50F31ED463C563DB84CAB8C3B0AE582E8D2937D
                                                                                                                                                                                                                SHA-512:B17A5D770CDF4FCAE12476C7DB1BB59045D7056F51F1867E8A020CE4B6D19426CF69A8EEDC511001F367DA8FDBFEFC9B9CCC4824FF6634766ED5D749315788DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="...... .." filename="punjabi.xml" version="6.8.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;..."/>.......<Item menuId="search" name="&amp;..."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name=".."/>.......<Item menuId="Plugins" name="......"/>.......<Item menuId="Window" name="....."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="... .... ....."/>.......<Item subMenuId="file-clo

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\romanian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):122835
                                                                                                                                                                                                                Entropy (8bit):4.748401296451134
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:mqSZZIZTB6fMKO/w9vaeGyS5DsejTY6w1v8upue:tF6EdXZw1v7V
                                                                                                                                                                                                                MD5:F1CB093CA8B07D1DA332E6581E0C2569
                                                                                                                                                                                                                SHA1:45A271CB41C35894623815175FB5ECCB4885EAF4
                                                                                                                                                                                                                SHA-256:B08ED2706BF071E51A4C40B792B97DDFE1CC5C67E644CCF33294F7C23E605193
                                                                                                                                                                                                                SHA-512:5F6BAF329D740ABBF2E811A00D633C7948826DABC0CD98C3003FE3B46B863238A4B94C37C730E1943DD0441C9D9C701162255E086FC6D8C3A152BB92DE001082
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..- Traducerea .n rom.n. pentru Notepad++ 8.7..- Ultima modificare a fost f.cut. 27 iulie 2024 de c.tre Miloiu Andrei-Valentin... Modific.rile din 30 ianuarie 2019 au fost f.cute de c.tre Barna Cosmin Marian.. Pentru actualiz.ri vizita.i: https://github.com/notepad-plus-plus/notepad-plus-plus/tree/master/PowerEditor/installer/nativeLang.. -->..<NotepadPlus>.. <Native-Langue name="Romanian" filename="romanian.xml" version="8.7">.. <Menu>.. <Main>.. Main Menu Entries -->.. <Entries>.. <Item menuId="file" name="&amp;Fi.ier"/>.. <Item menuId="edit" name="&amp;Editare"/>.. <Item menuId="search" name="&amp;C.utare"/>.. <Item menuId="view" name="&amp;Afi.are"/>.. <Item menuId="encoding" name="C&amp;odificare"/>.. <Item menuId="language" name="&amp;Limbaj"/>

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\russian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):133324
                                                                                                                                                                                                                Entropy (8bit):5.399914258096561
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:AkEbYIWPdCNbko/oPfKMxYEgpb6S9Ex57Tt2LBm1NAVna2FOpUpsxxNzqzAiIe:9fKoSi57TULM1NAVFFLsVqzAE
                                                                                                                                                                                                                MD5:6CA659C270042AB836B4597041FD2D5B
                                                                                                                                                                                                                SHA1:DE17CD1B0EEF8F6F978224E4BA1A583A3EA7D502
                                                                                                                                                                                                                SHA-256:C17650D9BEFA3B5681798FA495C9680EEA8E79C92083E01E7356E01A91ED04FE
                                                                                                                                                                                                                SHA-512:EC5794BF14C0DA9604D9E078913A96438E32535B3D52E62D0096D7D3FA174492045893C868C296D3B9291EAA864AF8A7ECB5858BB8AAE1CB5E3B08CC5DB699ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Russian translation for Notepad++..Updated to v8.7.0:..- added new lines..- add Alt command..-->..<NotepadPlus>...<Native-Langue name="......." filename="russian.xml" version="8.7.0">....<Menu>.....<Main>...... ....... .... -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;......"/>.......<Item menuId="search" name="..&amp;..."/>.......<Item menuId="view" name="&amp;..."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;.........."/>.......<Item menuId="settings" name="&amp;....."/>.......<Item menuId="tools" name=".....&amp;......"/>.......<Item menuId="macro" name="&amp;......."/>.......<Item menuId="run" name="&amp;......"/>.......<Item menuId="Plugins" name=".....&amp;.."/>.......<Item menuId="Window" name="...&amp;...."/>......</Entries>..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\samogitian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7832
                                                                                                                                                                                                                Entropy (8bit):5.074931873331391
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nXgLkaLDidBiwFkGY0I0eXrGdmsa7O+tSWuKVW9MZ7oM/7yUtlV5iXtHbge:njiwFkXr+kT9ve
                                                                                                                                                                                                                MD5:AAB66DCE85895AFFD7BAE8F7C9CC562E
                                                                                                                                                                                                                SHA1:F8D0CAEF6417E6BFC2D36740EB6110BF015D9ADE
                                                                                                                                                                                                                SHA-256:AD7850E4F4B98AFF535EFE8B24E540AC7BB1D39C3DBB8BC649AA7126AB311C6C
                                                                                                                                                                                                                SHA-512:B2722D6DCC290F65FB2971A51B1D709D3797878ECF876E489CB207F96E4BC4A3F6F130753F3FB8EA884FCEB616CFD61166E7A5C84BBC241FA10E8764368B0515
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Samogitian" filename="samogitian.xml">.... Mindaugas Machernis veertea. -->....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Failaa"/>.......<Item menuId="edit" name="&amp;Keistea"/>.......<Item menuId="search" name="&amp;Eaishkuotea"/>.......<Item menuId="view" name="R&amp;uodiitea"/>.......<Item menuId="encoding" name="&amp;Format's"/>.......<Item menuId="language" name="&amp;Shnekta"/>.......<Item menuId="settings" name="&amp;Nostatimaa"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>..............</SubEntries>........ all menu item -->......<Commands>.......<Item id="41001" name="&amp;Koortea.Ctrl+N"/>.......<Item id="41002" name="&amp;Atdariitea.Ctrl+O"/>.......<Item id="41003" name="&amp;Sheaata Ozhdariitea Ctrl+W"/>.......<Item id="41004" name="&amp;Veasas Ozhdariitea"/>.......<Item id="41005" name="&amp;Keatas Ozhd

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\sardinian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):34737
                                                                                                                                                                                                                Entropy (8bit):5.103440432092928
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:e6unX1zk/Oy3RXVL+xaYQ2078x1AVxad721IGeTs+Be:jmzk3V6aHIGeTNBe
                                                                                                                                                                                                                MD5:9CEB9921A23897BF2C275BE5661231A4
                                                                                                                                                                                                                SHA1:EEC3ADFAA7B514838FCD9D8DB65937B9F545BA7B
                                                                                                                                                                                                                SHA-256:832A34E630178FD33871EB1C9633447D46E2861C39221FF2E100D0F4EDFC8632
                                                                                                                                                                                                                SHA-512:B1DCD4FAC2180F75F19EA25067EEC420891FFA642A17F2D69CE791A5D6353978FA624497F26CA4ED50DCBC025B860FD33C7CEF110AD24670ED5E58266F71AF25
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Sardininian translation for Notepad++ 5.9.6.1...Last modified Sat, December 24th, 2011 01:10 GMT by Marco Solinas....Please e-mail errors, suggestions etc. to solinas.marco(at)libero.it....For updates, see https://sourceforge.net/projects/notepad-plus/forums/forum/558104/topic/1853765.....Custa tradutzioni est fata sighendu is arr.gulas de sa "Limba Sarda Comuna". Custu scioberu...ndi benit de sa necessidadi de dhi donai a sa comunidadi inform.tica sarda un'aina chi potzat...essi imperada de totus, in Sardu, sentza de fai distintzioni peruna tra variantis. Ammarolla, ca...d.u etotu soi unu "cabesutesu", sa basi de su Sardu chi dhui at, in custa faina, a suta de sa LSC...est cussu chi apu sempri int.ndiu allegai d.u: s'Olliastrinu de costera. In d.nnia manera, ca...d.u soi unu de cussus chi funt cumbintus chi totugantu su Sardu apartenit a totus is Sardus, timoria...de is pr.stitus internus no ndi t.ngiu: tandu, candu apu agatau u

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\serbian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):19236
                                                                                                                                                                                                                Entropy (8bit):5.131159808659015
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nfjr3D/CDKiGEoaYr7yyCYJPexckpuy64fbdfiI8+7++RU9W/Kh48BsdE7iZ6/Mm:n9TPexckbM+c71BpYe
                                                                                                                                                                                                                MD5:BC7B6AA54DA64BB3DDF9BD939DD22A9A
                                                                                                                                                                                                                SHA1:C13213709A8EA3E7CF5D702220A4F09F2AD966FD
                                                                                                                                                                                                                SHA-256:DA72EBB99A389B854F0DB6D51BA712857445D8C6CA392A9645713D8A9AEF765E
                                                                                                                                                                                                                SHA-512:676781B8E231D1CE83892B2541A69DAC43AA57DBD20179BA1641565F4B7A134993FCC916FE507403D7F4BD5AF4B6DFAD58748F8AA5971BD51BB917BF1626CCE8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Srpski(Serbian)" filename="serbian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="D&amp;okument"/>.......<Item menuId="edit" name="&amp;Uredi"/>.......<Item menuId="search" name="&amp;Tra.i"/>.......<Item menuId="view" name="&amp;Prikaz"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Jezik"/>.......<Item menuId="settings" name="P&amp;ostavke"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Pokreni"/>.......<Item menuId="Plugins" name="Dodaci"/>.......<Item menuId="Window" name="Prozor"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Sakrij nivo"/>.......<Item subMenuId="view-uncollapseLevel" name="Otkrij nivo"/>......</SubEntries>........ all menu item -->......<Commands>.......<Item id="41001" name="&amp

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\serbianCyrillic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39919
                                                                                                                                                                                                                Entropy (8bit):5.279096364598868
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:MFlLh+em5PtJ6we/Or592ScomO+e9f9vsRQJhbchJscpyL:MFloJ6wemrPCJiV0RQJWnsccL
                                                                                                                                                                                                                MD5:91C945838695F8624AFFAB97B6B7042A
                                                                                                                                                                                                                SHA1:80F16F26AED76AD2ED00C5FF67686BCD885E8C12
                                                                                                                                                                                                                SHA-256:A8404BEE78182C3CA243AB618344714185AE9D4BEB6CBA42DE577C72958E8AA0
                                                                                                                                                                                                                SHA-512:4F0F05F7DA3D6473BA98853FC80DA2947BD572EADA2FB76D7EE923E458149FF305C9E516831D563A846B0DE57EDEACBED4F2B157EAAC9A00F6A5178D0784DBE9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Serbian localization for Notepad++...Last modified Wednesday, Mart 11th 2010 18:06 GMT by .... .............Please e-mail errors, suggestions etc. to ivanstar61 at gmail.com...-->....<NotepadPlus>...<Native-Langue name="......" filename="serbianCyrillic.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name=".&amp;......."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;......"/>.......<Item menuId="encoding" name="...&amp;....."/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name=".&amp;......."/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name="......."/>.......<Item menuId="Plugins" name="......"/>.......<Item menuId="Window" name="......"/>......</Entries>..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\sinhala.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48057
                                                                                                                                                                                                                Entropy (8bit):5.1022433558010665
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:dg9EA1Wb1L3Gv7jvYyvFkCgDtxXB2z/0ZN2LdvjBICV8umz4lOyCh8uCDuVEeZ3k:dguiM3Gv7jvYyNkCgZxXB2z/bu/ThcDN
                                                                                                                                                                                                                MD5:79C45EBE1BD455B20EBB08877ED93C53
                                                                                                                                                                                                                SHA1:67993E982A81F07F71B2A63189B62C6B151E0951
                                                                                                                                                                                                                SHA-256:2C24F7AA723A32A139FB79F2CD288C36157EC90B994A66693CF9D0C697F672AF
                                                                                                                                                                                                                SHA-512:1C9663769C679635689EE4D18C2CE9515C528F96D1D654E9CC06E17BB149C15C9C9571BEDD980F50FAAD515F265CE862FB11C4D05D89B60486AFA2BED4071BAE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.... Contributors: Supun Viraj, Gihan Timantha, Lasith Tarindu -->.. University of Colombo School of Computing, Sri Lanka, 2013 -->....<NotepadPlus>...<Native-Langue name="Sinhala" filename="sinhala.xml">....<Menu>.....<Main>........ Main Menu Entries -->........<Entries>.........<Item menuId="file" name="....."/>.......<Item menuId="edit" name="......"/>.......<Item menuId="search" name="......"/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="...."/>.......<Item menuId="language" name="....."/>.......<Item menuId="settings" name="......."/>.......<Item menuId="macro" name="..... ...."/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name=".... ........"/>.......<Item menuId="Window" name="......"/>........</Entries>........ Sub Menu En

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\slovak.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):104473
                                                                                                                                                                                                                Entropy (8bit):5.508257643119489
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:PT8xYYcB+cMj0+/3Nur/WCUOdlHjsyRpiRBe:bY4B+x0+kTj7vkM
                                                                                                                                                                                                                MD5:31617448E4E0A7AFA3B20BEB1F4C7EDB
                                                                                                                                                                                                                SHA1:172BDFCB4C956527D7CCC12A8E016190F800F718
                                                                                                                                                                                                                SHA-256:18233820BD8433D8D34F8638D89897C8605A7D50DF18C6EE9B1ABB93EFB59FD3
                                                                                                                                                                                                                SHA-512:FB755245DB661D8675F8FC1339AD27AF44888F153F7145DDCFA6EB38F5CF9D770597DB8B5570AB911CCF3F5B3B6054057523D912F3DAD0492A0CA6E13929DB1A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Slovak localization for Notepad++..-->..<NotepadPlus>...<Native-Langue name="Sloven.ina" filename="slovak.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;S.bor"/>.......<Item menuId="edit" name=".&amp;pravy"/>.......<Item menuId="search" name="&amp;H.ada."/>.......<Item menuId="view" name="&amp;Zobrazi."/>.......<Item menuId="encoding" name="&amp;K.dovanie"/>.......<Item menuId="language" name="&amp;Jazyk"/>.......<Item menuId="settings" name="&amp;Nastavenia"/>.......<Item menuId="tools" name="N.s&amp;troje"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Sp&amp;usti."/>.......<Item menuId="Plugins" name="&amp;Doplnky"/>.......<Item menuId="Window" name="&amp;Okn."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Otvori. prie.inok &amp;s.boru"/>.......<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\slovenian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):101532
                                                                                                                                                                                                                Entropy (8bit):5.288562794586069
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:gX4xXNbOf8RBjDvZYOjQLJfRWa1FDVjs+h0ps5xCVaYJvYpg06:C6XNbOf8RBzQLJca1FDTh0pVVaYJvOg9
                                                                                                                                                                                                                MD5:24D40C7518B692C88E38ADBF500BBA8E
                                                                                                                                                                                                                SHA1:E3952CB96BE0C25D2CDB03A5C71DDF824EAAE587
                                                                                                                                                                                                                SHA-256:7E342CB04B73BB91C7BC8EC9541E01A6F9354AD37A176A73483F1F415D380D13
                                                                                                                                                                                                                SHA-512:11DBC23DA70F4812F976146A422574E3E1D6CBF31B2E93D47448482573DA65CD46C7B9490E5B788512A8AFEAD03C418DE0D6BC87BB594C2F7039A0FB1AE5CDCE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. .. Slovenian localization for Notepad++ v8.6.5.. Last modified 02. Apr 2024 by dr. Vinko Kastelic......-->..<NotepadPlus>...<Native-Langue name="Sloven..ina" filename="slovenian.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Datoteka"/>.......<Item menuId="edit" name="&amp;Uredi"/>.......<Item menuId="search" name="&amp;Najdi"/>.......<Item menuId="view" name="&amp;Pogled"/>.......<Item menuId="encoding" name="K&amp;odiranje"/>.......<Item menuId="language" name="&amp;Sintaksa jezika"/>.......<Item menuId="settings" name="Nas&amp;tavitve"/>.......<Item menuId="tools" name="Oro&amp;dja"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;Po.eni"/>.......<Item menuId="Plugins" name="&amp;Vti.niki"/>.......<Item menuId="Window" name="&amp;Okno"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>......

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\spanish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107424
                                                                                                                                                                                                                Entropy (8bit):5.203070257610194
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yaALa5DdeLDO47ZID61calblJtbHRyYATBWZk+2EbBpJdXTy0pJGA737Xe:yacabQtcQFRyJBWZk+7zdm0pJGAfe
                                                                                                                                                                                                                MD5:33027565A0ADC6374CDE55242CC8904E
                                                                                                                                                                                                                SHA1:8E6B7882016181E284AEBDC3921DCDB8EE73ED78
                                                                                                                                                                                                                SHA-256:FFA675CF460DAF17D4DCAE6805C6E67EF7F94C0B5636C260EB70E78D4A56709A
                                                                                                                                                                                                                SHA-512:05B68163A1CC678EA5C28E62B806857F5AD8837369067B7276FB5A5AC897FD01931D45D5C7EC005B01210147F5B133290063B6AE12AECF7B7F0B2C5AE0C0F32F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Espa.ol" filename="spanish.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Archivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Buscar"/>.......<Item menuId="view" name="&amp;Vista"/>.......<Item menuId="encoding" name="Co&amp;dificaci.n"/>.......<Item menuId="language" name="&amp;Lenguaje"/>.......<Item menuId="settings" name="C&amp;onfiguraci.n"/>.......<Item menuId="tools" name="He&amp;rramientas"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;jecutar"/>.......<Item menuId="Plugins" name="Complemen&amp;t

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\spanish_ar.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41595
                                                                                                                                                                                                                Entropy (8bit):5.088333387922988
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nisXSvLH/UsEx4dZFjYF2RLYE/bbbjC4ki1TKA4DsxaLVm5/Due:ntXSvbIbHe
                                                                                                                                                                                                                MD5:2F5E583098C0CEF1081798BB779E7524
                                                                                                                                                                                                                SHA1:474CA09D5E6A9A885523EADC68952436ADAA1172
                                                                                                                                                                                                                SHA-256:5ABB9A1B8555CECEF039C4352EE73BDDF690DFD0EC4FEE8542F2E0A3B9C0055F
                                                                                                                                                                                                                SHA-512:E4FC7887C17A918CF4B40F96066C574874D74C7ABB210E8D5F0CCAF6A9BBD23140BB6136942F0FFF5C6FB9A6B42A28FD3934E85287B842357414397E10685D2E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Castellano - Espa.ol" filename="spanish_ar.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Archivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Buscar"/>.......<Item menuId="view" name="&amp;Ver"/>.......<Item menuId="encoding" name="&amp;Formato"/>.......<Item menuId="language" name="&amp;Lenguaje"/>.......<Item menuId="settings" name="&amp;Configuraci.n"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;jecutar"/>.......<Item menuId="Plugins" name="&amp;Complementos"/>.......<Item menuId="Window" name="Ve&amp;ntana"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-closeMore" name="Cerrar m.s"/>.......<Item subMenuId="file-recentFiles" name="Archivos recientes"/>.......<Item subMenuId="edit-copyToClipboard" name="Copiar

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\swedish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):103180
                                                                                                                                                                                                                Entropy (8bit):5.289848697543492
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:kaVha+LZDwqp5gzwfx6kB/2FriAieQ3Sv+AaRyjxwfi0A3OeGUajK/qEOZKfsOu3:kam++KDUXjPraK/qEOE0fppbpOe
                                                                                                                                                                                                                MD5:5341025934843EB5B69B6640DB94F782
                                                                                                                                                                                                                SHA1:3319BB240624CBFA35D6A5F631AB158283370CFE
                                                                                                                                                                                                                SHA-256:8A9ACED02CD50E51F8D7C4F5B905613EB04550B1BC7AA2F20DD255C6E2725397
                                                                                                                                                                                                                SHA-512:F4098F1099AA89F7DA9506880DAFD4CB25BE7A54E06524870E6E46520B90BE17BC5A4FE2DA131392265704877C2AE99527081621DD322835ED6F2A77FD7C1379
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Svenska" filename="swedish.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Arkiv"/>.......<Item menuId="edit" name="&amp;Redigera"/>.......<Item menuId="search" name="&amp;S.k"/>.......<Item menuId="view" name="&amp;Visa"/>.......<Item menuId="encoding" name="K&amp;odning"/>.......<Item menuId="language" name="S&amp;pr.k"/>.......<Item menuId="settings" name="&amp;Inst.llningar"/>.......<Item menuId="tools" name="V&amp;erktyg"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;K.r"/>.......<Item menuId="Plugins" name="I&amp;nsticksprogram"/>.......<Item m

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\tagalog.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24635
                                                                                                                                                                                                                Entropy (8bit):5.011979175803779
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:ngWFsSiq/dkOdWOWY+aHw83iV/etQqNyrVEocIRRdDRf3IFjnDeVTNTW06D7RckE:nu/qxWInYey5lRR9BcjnwNilT3aycQbe
                                                                                                                                                                                                                MD5:4CEF1B7BA4B4240BD755B7917053E146
                                                                                                                                                                                                                SHA1:B6C6FE1A2A4D7035BA56FD25DF43ABBC85569544
                                                                                                                                                                                                                SHA-256:3C940F8A64D6893EB6846A5BC3E0D266D3B243EA1AFF6C30723A56DA8D35008D
                                                                                                                                                                                                                SHA-512:39555741C9B860A925C54DB6FF014085B41DF2C4B8166C48845B3F218FF61FC33845DA447E45E0BC6D72598CF828344F96B78CBBAEA3FDB1BE0AB85F38D49D5A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Tagalog" filename="tagalog.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Pila"/>.......<Item menuId="edit" name="&amp;Ayusin"/>.......<Item menuId="search" name="Mag&amp;hanap"/>.......<Item menuId="view" name="&amp;Tignan"/>.......<Item menuId="encoding" name="A&amp;nyo"/>.......<Item menuId="language" name="&amp;Wika"/>.......<Item menuId="settings" name="Ka&amp;lagayan"/>.......<Item menuId="macro" name="Laki"/>.......<Item menuId="run" name="Takbo"/>.......<Item menuId="Plugins" name="Mga Plugin"/>.......<Item menuId="Window" name="Dungawan"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Isipi sa Klipbord"/>.......<Item subMenuId="edit-indent" name="Ipasok"/>.......<Item subMenuId="edit-convertCaseTo" name="Baguhin ang kaso"/>.......<Item subMenuId="edit-lineOperations"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\taiwaneseMandarin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):85578
                                                                                                                                                                                                                Entropy (8bit):6.13405919981171
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:h1/HIydTKgZG+26PpR79d1LVRN/YR5977LHDa3YICAlUSUpVMYe:h5HIG26v9d1LVR0/AgpVde
                                                                                                                                                                                                                MD5:60213E15F6C593EAAA9280E4351B938B
                                                                                                                                                                                                                SHA1:7FF8CB215DB1AD6CCE839A5311AD0E9AB0F7D6D5
                                                                                                                                                                                                                SHA-256:1E179F9CB78D1ECD452FE280F1A2802E87225924F6FBA53B0897EA67206EEC5F
                                                                                                                                                                                                                SHA-512:7FEB6163275A99069BD8CE8466A6394DF6B2CBD7D29B946D9D40587BE07B588F5EA323038D663DF813E689E18987438006ACFD95489D0AD312EEED502082A982
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="...." filename="taiwaneseMandarin.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="..(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name="..(&amp;S)"/>.......<Item menuId="view" name="..(&amp;V)"/>.......<Item menuId="encoding" name="..(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="..(&amp;O)"/>.......<Item menuId="macro" name="..(&amp;M)"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<Item menuId="Plugins" name="..(&amp;P)"/>.......<Item menuId="Window" name="..(&amp;W)"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".......(&amp;F)"/>.......<Item subMenuId="file

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\tajikCyrillic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):55364
                                                                                                                                                                                                                Entropy (8bit):5.328842401268827
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:n+H9toJJycNtJn//b/tEQi3Ee2+fD/oIe+1qqG+CJdUnv1a+UL/+AGirG+31OO8c:n8aq0qsIBGRdUn9aD/8irFopLe
                                                                                                                                                                                                                MD5:06984B1AB1130E694446D32D1D5A34DF
                                                                                                                                                                                                                SHA1:932FDC1D9B89E930A8E11D327B66EA7B14038A13
                                                                                                                                                                                                                SHA-256:D04B0369DA198076BED68F3668F9B87594CC37346B0500195CC45A5390518C44
                                                                                                                                                                                                                SHA-512:94B5D2F2F7AF2E0CCDD9A883A1E494B679FE51F87A9C236DD9653AB490BA670FFCDAFA7655BE98F3ED9FB22811C32142856CB914A8730AE737082500048C8629
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="......" filename="tajikCyrillic.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;......"/>.......<Item menuId="search" name="&amp;......."/>.......<Item menuId="view" name="&amp;........"/>.......<Item menuId="encoding" name="&amp;.........."/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name="&amp;........"/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="...."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="......."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-... ......Folder" name="... ....... ..... ....."/>.......<Item subMenuId="file-......M

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\tamil.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):102842
                                                                                                                                                                                                                Entropy (8bit):4.900111073225709
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:vs83N74aQpdBADrgkKACP8jSOPMsAHxLLmkj291ZifFSdbUBeLBRT2C9Hi8R8C89:vs83N74a6vADrgkKACP8jSOPMsAHxLL/
                                                                                                                                                                                                                MD5:B1FB599DAEA52466C20FBD2CE57DAED8
                                                                                                                                                                                                                SHA1:9DE1D20ABDFD03F8BA3E2D17248CE8A60E27F601
                                                                                                                                                                                                                SHA-256:B9AC155653B326862A2D86E90E99F342263439D12920DAF735D63A737CAB1CE5
                                                                                                                                                                                                                SHA-512:2C45CD41C6AF5A88DC2A5CC8044E28BF96C0EB60150059B3C55A9A383A423B574955DADE9A19FC6FE5A6DF3FFD4331BD72DBB62795F4230AF15AE405EC881D7A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="....." filename="tamil.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...... (&amp;F)"/>.......<Item menuId="edit" name="....... (&amp;E)"/>.......<Item menuId="search" name=".... (&amp;S)"/>.......<Item menuId="view" name="...... (&amp;V)"/>.......<Item menuId="encoding" name="............... (&amp;N)"/>.......<Item menuId="language" name=".... (&amp;L)"/>.......<Item menuId="settings" name=".......... (&amp;T)"/>.......<Item menuId="tools" name="........ (&amp;O)"/>.......<Item menuId="run" name="..... (&amp;R)"/>.......<Item menuId="Plugins" name=".............. (&amp;P)"/>.......<Item menuId="Window" name="...... (&amp;W)"/>......</Entries>........ Sub Menu Entries -

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\tatar.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (305), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59382
                                                                                                                                                                                                                Entropy (8bit):5.434739981360586
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:n/Ub7FjLwc0u21pAMq2H9yLdTHOojcOdo3Eh2MPe:4NC1pAMXsVB63Y0
                                                                                                                                                                                                                MD5:CD7A34974D8050B6507543E8B901C919
                                                                                                                                                                                                                SHA1:80314A3492BA7B804AC91E53FFC52E678E55B072
                                                                                                                                                                                                                SHA-256:08B075513E2287A253FD08BADD43893D1136ACB9A8C4DDEACDCB5F5CFCB69870
                                                                                                                                                                                                                SHA-512:700EB73CF42C434CA5E7C51EF7270F894FF0890B4BAE2CA11C195CB74869CA045564C5D68CD26F4E19D15F9ABFD695167E9663C3B609A62E6127F25EA32BC4C5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="......." filename="tatar.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;......"/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;......"/>.......<Item menuId="language" name="&amp;.........."/>.......<Item menuId="settings" name="&amp;........."/>.......<Item menuId="tools" name="&amp;........"/>.......<Item menuId="macro" name="&amp;........."/>.......<Item menuId="run" name="&amp;......"/>.......<Item menuId="Plugins" name="&amp;........."/>.......<Item menuId="Window" name="&amp;........."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="........ ..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\telugu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):43175
                                                                                                                                                                                                                Entropy (8bit):4.946753811649962
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:rmk3PCBMllTBCcPTt5PHJZ3LG8XjLdHd0Wp+W+vYjPri9DPORGmjLkw8soyVoI8r:rrqKfZ/r8POW209JgCV35L
                                                                                                                                                                                                                MD5:EBA1EA00DF8D0D54139F6A176A19F3C3
                                                                                                                                                                                                                SHA1:22111C5365EC8B4F69D827FD2EF70D255602B5A5
                                                                                                                                                                                                                SHA-256:CD021EBD57EC2FBBC139744A9A11D8F95A04A929F3DE88DCF9153099D164EE89
                                                                                                                                                                                                                SHA-512:FACC82F4E277591A7721B0ABEB1D1B1C27B15D0D7B15C0E2B4CF81F744446388F9D199E59417F7A29930FB75E9DAE3250D8F66FB10D39F0A9271C64DE1EA6DD0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ...This is Telugu language file for Notepad++....I am Inspired by the Tamil and Hindi languages work done by Arivarasu B. and Rathin A. Dholakia....Author: Sreedhar Reddy V...Email: srib4ufrnd@gmail.com...Note: In case of any suggestions and improvements please contact me. Help Indian Languages To Grow. Thank you...-->..<NotepadPlus>...<Native-Langue name="......" filename="telugu.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name=".... (&amp;F)"/>.......<Item menuId="edit" name="..... (&amp;E)"/>.......<Item menuId="search" name="..... (&amp;S)"/>.......<Item menuId="view" name=".... (&amp;V)"/>.......<Item menuId="encoding" name="........... (&amp;N)"/>.......<Item menuId="language" name="........... (&amp;L)"/>.......<Item menuId="settings" name="........... (&amp;T)"/>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\thai.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41024
                                                                                                                                                                                                                Entropy (8bit):5.077227496963627
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:n2+F0vuX0DWzU8hPhcqh/8ZhbUIP2hwFaz+W9BPhQW3X1G5CSQjSZ0vAmkMqOKNu:n+MUIpcC/EeRduDrZruc4ke
                                                                                                                                                                                                                MD5:897528CA481081BBBB3A52B88C933AF5
                                                                                                                                                                                                                SHA1:B6F3317073970FA91344AF63061C7CBCA5CA90C0
                                                                                                                                                                                                                SHA-256:F90F18D7D3D822790FBEA2794C94F5A6654BD2EEF1E8F7B89FE80E27251970CB
                                                                                                                                                                                                                SHA-512:2445DEA1798A0F7F1CD58E0F7189B237142B376EA4A55E415339ACE2B3AD8ADF0833F864B8CAA8EC10B27729A8804A6910777A42682FAA292D664096A0455ACE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="thai" filename="thai.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name=".... (&amp;F)"/>.......<Item menuId="edit" name="..... (&amp;E)"/>.......<Item menuId="search" name="..... (&amp;S)"/>.......<Item menuId="view" name="...... (&amp;V)"/>.......<Item menuId="encoding" name=".............. (&amp;N)"/>.......<Item menuId="language" name=".... (&amp;L)"/>.......<Item menuId="settings" name="....... (&amp;T)"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="........"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="......

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\turkish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):102844
                                                                                                                                                                                                                Entropy (8bit):5.44114047602489
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:0I2ZuKPj+t0yJ9GPrFWq4jU1Q/reJigMRih+3OigUvKaycyGCqcWYxl7xpDwieu3:0juK4zesN3Dvw5DDlup3V1e
                                                                                                                                                                                                                MD5:AE8064BDC3B007FDBCF26E9BB3272E60
                                                                                                                                                                                                                SHA1:E769B5A0037284CA82C1782ACBD2EEF6FAB259E3
                                                                                                                                                                                                                SHA-256:D12B7D4F8F0A2AAFC3148714182E4BCA3190A0906DC3D54BACB8663399800217
                                                                                                                                                                                                                SHA-512:D7C65FBB8B97ECC31DF36F2D8457ED08B05DA88158C31D510891AAFEA65BE3EAFEB17A322D76BA0AF3057387F4955237B4BE2708DFBA432FD8CD17D306C45EED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...eviri notu:..1. L.tfen, XML .evirinizi d.zenlemek i.in XML Tools eklentisini y.kleyin. "Eklentiler -> XML Tools -> Pretty Print - indent only" men.s.deki komutu kullan.n...2. T.m yorumlar a..klama i.indir, .eviri i.in de.il...-->..<NotepadPlus>...<Native-Langue name="Turkish" filename="turkish.xml" version="8.6.9">....<Menu>.....<Main>...... Ana Men. Giri.leri -->......<Entries>.......<Item menuId="file" name="&amp;Dosya"/>.......<Item menuId="edit" name="D.&amp;zen"/>.......<Item menuId="search" name="&amp;Ara"/>.......<Item menuId="view" name="&amp;G.r.n.m"/>.......<Item menuId="encoding" name="&amp;Kodlama"/>.......<Item menuId="language" name="Dille&amp;r"/>.......<Item menuId="settings" name="A&amp;yarlar"/>.......<Item menuId="tools" name="Ar&amp;a.lar"/>.......<Item menuId="macro" name="&amp;Makrolar"/>.......<Item menuId="run" name="&amp;.al..t.r"/>.......<Item menuId="Plugins" name="&amp;Eklentiler"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\ukrainian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):133603
                                                                                                                                                                                                                Entropy (8bit):5.440766935405674
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:kaH3xs5ayijJnJgrvhkygwd8EfBsWleX2TYKQn6GHxpnhFioopNse:kaXxoykhkygVitZUKQn6GRJhFixpNse
                                                                                                                                                                                                                MD5:90630B242C39AE0E83F4FE4C3C62F985
                                                                                                                                                                                                                SHA1:5D62FCF0D40374896370ADF596A9093D9CEF59EB
                                                                                                                                                                                                                SHA-256:D353143C0970999514236F1493C7C1D86F24882A44E46C2CA9B053E03E32E025
                                                                                                                                                                                                                SHA-512:4C99444C0DAD1B49083F312649C5A73495D76C0B3D1EAA7E8C5305A7F9C3E795B51DFC01B1014EA86A78EEF89021873408DEA63E7EDC6F8C0F33CE2E4597CECF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name=".........." filename="ukrainian.xml" version="8.6.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name=".........."/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="........."/>.......<Item menuId="language" name="...."/>.......<Item menuId="settings" name="............"/>.......<Item menuId="tools" name="..........."/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="........"/>.......<Item menuId=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\urdu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12846
                                                                                                                                                                                                                Entropy (8bit):5.463916984329165
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:Wa+miRi0G6rgAcld5ykW5IKiXCWF4sk7ntn8N9eTwN4+7ds5dOuGzeGLoa+7p0KZ:Warqo5a5QCWFetn8WTXqRJo56K5hpvge
                                                                                                                                                                                                                MD5:8D27A610FBD84B93B3941FE6E2EA5529
                                                                                                                                                                                                                SHA1:2B9F2AF89673A3553CC50E28A3702AF842DBF219
                                                                                                                                                                                                                SHA-256:35F660EFF9025E096AC18860FF81B085F28F652578FF5948D7215EA24C4F554B
                                                                                                                                                                                                                SHA-512:38801CFB3BDDD42A4F60983D3BB638B8788A4625521E96674942D88CE36EA8C6182C1C8A06240D937104E890FA894514901FCD0F66E7E58B3F1808885FE31934
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Urdu" RTL="yes" editZoneRTL="no" filename="urdu.xml" -->...<Native-Langue name="Urdu" RTL="yes" filename="urdu.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name="&amp;....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\uyghur.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40429
                                                                                                                                                                                                                Entropy (8bit):5.431262484300799
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/fq0i6711pUOy00FzSyGzUCQunLMyLVgPalck4ebzi5cRrdAoYs5e:/fq0iILU7XunL9L5rblYs5e
                                                                                                                                                                                                                MD5:09C4A97888BD74E6CA0C75C45CF1B573
                                                                                                                                                                                                                SHA1:BEAB76D723FA653F4B0F417EC31B2B2FDA33E228
                                                                                                                                                                                                                SHA-256:A1766715C33A14131121BCF5230BF3EADB272A989E695A297AEADC0B58CD28E0
                                                                                                                                                                                                                SHA-512:D27C7476698D087F0BCB174431C48BBC950A3F008B18B139B2ED9443538BFB58C535B085E68A08DD5619502641B078C6668726CB6FE9AD3AD46E519145CD307C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Uyghur(........,China) translation made by: -->.. Yasinjan Ghupur <yasenghupur@sina.com> 21 march 2012,revised: 25 April 2012-->.. If you want to see RTL direction, please rewrite <Native-Langue name="Uyghurche" RTL="yes" filename="uyghur.xml" > -->.. ...... ..... ........ ............. 2-... ..... ........... <Native-Langue name="Uyghurche" RTL="yes" filename="uyghur.xml" >-->..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Uyghurche" RTL="yes" editZoneRTL="no"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\uzbek.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (395), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):69688
                                                                                                                                                                                                                Entropy (8bit):5.513050211787308
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:Jm7/tTVfDP/BM7pCCKMY/p9gp+1eAktAPFhLLRe:J+tTVfD3ylJKjB1eAktAPFhBe
                                                                                                                                                                                                                MD5:95768C45F3C37D94A09EE30DA660AF6D
                                                                                                                                                                                                                SHA1:E803366438D6127FBEF56B826C1C00EC7B323EA1
                                                                                                                                                                                                                SHA-256:F77CA0A17D489FA30254A068E94BB40093CCBAEF68519DE7F5EA60CDED5B4A80
                                                                                                                                                                                                                SHA-512:CC6D46C61DF726FA0C2273194E64ADE498850E48F972D7FAEF3BB4A604A711C9E27E8763EFD83EB7FA2BEC45CB8D03A118A35BCEBA25EB52F162A0F0A4287FEE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Uzbek translation made by:..Orzu Samarqandiy <orzu at sourceforge.net>..Abdurashid Muhitdinov <cool_zero at list.ru>..Last update: 2009 July 07..-->.. ..Uzbek (Latin) translation for Notepad++..Updated to v8.1.4:..Updater: Shamsiddinov Zafar..-->..<NotepadPlus>...<Native-Langue name="O.zbekcha" filename="uzbek.xml" version="8.1.4">....<Menu>.....<Main>........<Entries>.......<Item menuId="file" name="&amp;Fayl"/>.......<Item menuId="edit" name="&amp;Tahrirlamoq"/>.......<Item menuId="search" name="&amp;Qidirmoq"/>.......<Item menuId="view" name="&amp;Ko.rinish"/>.......<Item menuId="encoding" name="&amp;Kodlashlar"/>.......<Item menuId="language" name="&amp;Sintaksislar"/>.......<Item menuId="settings" name="&amp;Tanlovlar"/>.......<Item menuId="tools" name="Qo.shimchalar"/>.......<Item menuId="macro" name="&amp;Makroslar"/>.......<Item menuId="run" name="&amp;Ishga tushirmoq"/>.......<Item menuId="Plugins" name="&amp;Ilovalar"/>....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\uzbekCyrillic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):30045
                                                                                                                                                                                                                Entropy (8bit):5.258674863524996
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Gj+khlxyQ6ah8bQU4A0pJbYEcFCXbDoXienaPUe:GxhqQT8bQG0FcFCLDoX7yUe
                                                                                                                                                                                                                MD5:F226A7BB9982EB764F20ACB02B084130
                                                                                                                                                                                                                SHA1:3030A16F9125D53FE4387B5A284ADAE328E92AAC
                                                                                                                                                                                                                SHA-256:837EE8F2497C3E62CC008C297BFE7A8B8A6AE7D9263C40282ED23E0F7088A0C7
                                                                                                                                                                                                                SHA-512:9FD15CB3282F33F51AD4AA82E0A7092D6854BDF0B1AAC782C4504518C24EE0B20335FC7586BEA8EE23B5D9F1F43ED6419E0B65C054D44BED96711DB1ACE6722C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Uzbek translation made by: -->.. Orzu Samarqandiy <orzu at sourceforge.net> -->.. Abdurashid Muhitdinov <cool_zero at list.ru> -->.. Last update: 2009 July 07 -->..<NotepadPlus>...<Native-Langue name="......." filename="uzbekCyrillic.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="........."/>.......<Item menuId="search" name="......."/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="............"/>.......<Item menuId="language" name="........."/>.......<Item menuId="settings" name="........."/>.......<Item menuId="macro" name="........."/>.......<Item menuId="run" name=".... ......."/>.......<Item menuId="Plugins" name=".........."/>.......<Item menuId="Window" name="......."/>......</Entries>........

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\venetian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105872
                                                                                                                                                                                                                Entropy (8bit):5.259688032201712
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:5Vashm/wO8H/Ay2lvZjQ5+2itC7+Llkv3V2mPrQWx9GwdGHby1OyHrXe6NuzwHaZ:ra4mg25ZEEMohWxFfXQf6xCTJ7Jo5pde
                                                                                                                                                                                                                MD5:B82D267614EEFCDB21763B812A18123E
                                                                                                                                                                                                                SHA1:CCD24C73D94953F1E453699AE15960AD1DA51133
                                                                                                                                                                                                                SHA-256:556575B151ED43406B9EA9E6310C798CA8B78980879858061CF04E8D8A1DE65C
                                                                                                                                                                                                                SHA-512:9EF9F5AA56B58A841AC21281972758972880E432882B22AED55398C41BD12CFCF04F99A0B74BBAB6880A2C30C49054DE1D9FA166BF26C93693F3BFF10F017D08
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version = "1.0" encoding = "utf-8" ?>.. .. Venetian translation for Notepad++.. Last modified Sun, Jul 28th, 2024... Translators: 2019-xxxx, Matteo Concato (Conky77).. For updates, see https://github.com/notepad-plus-plus/notepad-plus-plus/tree/master/PowerEditor/insta ler/nativeLang..-->.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="V.neto" filename="venetian.xml" version="8.7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Mod.fega"/>.......<Item menuId="search" name="&amp;Ruma"/>.......<Item menuId="view" name="&amp;Vixua.ixa"/>.......<Item menuId="encoding" name="Forma&amp;to"/>.......<Item menuId="language" name=".en&am

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\vietnamese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):99588
                                                                                                                                                                                                                Entropy (8bit):5.64901512867731
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:WL5Fbc9O5lBpX5tgaNvXPVdVsQDaKLWiBoi5pEf:WDXPV4MZLVBz3i
                                                                                                                                                                                                                MD5:10CD7529620BE6E4D85781DF8DC2ED2F
                                                                                                                                                                                                                SHA1:14BD5B81636909B598FA95F300D8AFA61BA9CAD5
                                                                                                                                                                                                                SHA-256:FE415E48917E0E97990668AA68FB5AAD70CA768876A6E5D8AFC99AB5A3172395
                                                                                                                                                                                                                SHA-512:965A33DE1A0E0B8DDB0B1A10F9BE1E74840C35E3CA3CDDAC338E37AE68D75D6968993A38B6B9339AF6813D5F8681AB0889641036F3235CFCC8691989FCB4649A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="Ti.ng Vi.t" filename="vietnamese.xml" version="8.4.7">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;T.p"/>.......<Item menuId="edit" name="&amp;S.a"/>.......<Item menuId="search" name="T.&amp;m"/>.......<Item menuId="view" name="&amp;Xem"/>.......<Item menuId="encoding" name="&amp;Bi.n m."/>.......<Item menuId="language" name="&amp;Ng.n ng."/>.......<Item menuId="settings" name="T&amp;hi.t ..t"/>.......<Item menuId="tools" name="C.n&amp;g c."/>.......<Item menuId="macro" name="&amp;V. l.nh"/>.......<Item menuId="run" name="Ch.&amp;y"/>.......<Item menuId="Plugins" name="T&amp;r.nh c.m"/>.......<Item menuId="Window" name="C.&amp;a s."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-op

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\welsh.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41895
                                                                                                                                                                                                                Entropy (8bit):5.134394785096586
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:ExDy72Vqy/JP2/CiS5IDw+W4C0VgFLW+s2O1BUte:ExD6NHK5IDw+Wt5LCVAe
                                                                                                                                                                                                                MD5:D3E0323D49BB4547B4C2EFFCBCD2D5AB
                                                                                                                                                                                                                SHA1:C6554AF27FBF1B21B30D42AED54EA44F6FE1A080
                                                                                                                                                                                                                SHA-256:86747FFBEEBAEECF75EF270017CC90E4B8471E116970B53E999CF621D7B82869
                                                                                                                                                                                                                SHA-512:1FB132D23AC6D64F9648F7BB00B7FA7F081F3F24DEC40EA19E7975C2E28451CC58987FAFA318A99F2994F5C1569C50477CE842AAE5EA2DB0E8800DC6F8EE071A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Cyfieithiad | Translation..19.12.2014..gan/by Aled Powell..-->..<NotepadPlus>...<Native-Langue name="Cymraeg" filename="welsh.xml" version="6.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Ffeil"/>.......<Item menuId="edit" name="Golygu (&amp;E)"/>.......<Item menuId="search" name="Chwilio (&amp;S)"/>.......<Item menuId="view" name="Golwg (&amp;V)"/>.......<Item menuId="encoding" name="Amgodiad (&amp;N)"/>.......<Item menuId="language" name="Iaith (&amp;L)"/>.......<Item menuId="settings" name="Gosodiadau (&amp;T)"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Rhedeg"/>.......<Item menuId="Plugins" name="Ategolion"/>.......<Item menuId="Window" name="Ffenestr"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Agor Ffolder Lleoliad"/>.......<Item subMenuId="file-closeMore" name="Cau Mwy"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nppLocalization\zulu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):63038
                                                                                                                                                                                                                Entropy (8bit):5.236503274195142
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:B0tQvNqocDMH33BEr6bckvC9WgvTeeyY4Wtv7ltBiLHjiN1L:BqQlqocgHRbDvC9WgvThhtODiN1L
                                                                                                                                                                                                                MD5:CFF25DEB9B9FCD120B4EFA7EBFFA979B
                                                                                                                                                                                                                SHA1:5233EA1689DC6B360D4243202E76942902BEFCCF
                                                                                                                                                                                                                SHA-256:613FE54A466082A1267DEC9014B0D1E582B5BF3507B6A04403D273FC81482E35
                                                                                                                                                                                                                SHA-512:1C100CF7C3F709E14C7FF55626BC8DEFD5A4C520037A929A6966608C2C1226D59FA10A2A6A06BFC421833E6F8C54B257DABE5E141B9FD4D33CC60E8CCABD24A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..***********************************************************************************...zulu language binary translations file for Notepad++ ::...Created By:- Roshan K. Rathod...Email id- rathodroshan0137@gmail.com,rkinfoteh28@gmail.com..************************************************************************************.....-->..<NotepadPlus>...<Native-Langue name="zulu" filename="zulu.xml" version="7.6.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;ifayela"/>.......<Item menuId="edit" name="&amp;hlela"/>.......<Item menuId="search" name="&amp;sesha"/>.......<Item menuId="view" name="&amp;buka"/>.......<Item menuId="encoding" name="E&amp;ukufaka ikhodi"/>.......<Item menuId="language" name="&amp;ulimi"/>.......<Item menuId="settings" name="Se&amp;izilungiselelo"/>.......<Item menuId="tools" name="To&amp;amathuluzi"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menu

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsd82AF.tmp\nsDialogs.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9728
                                                                                                                                                                                                                Entropy (8bit):5.158585441954107
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
                                                                                                                                                                                                                MD5:1D8F01A83DDD259BC339902C1D33C8F1
                                                                                                                                                                                                                SHA1:9F7806AF462C94C39E2EC6CC9C7AD05C44EBA04E
                                                                                                                                                                                                                SHA-256:4B7D17DA290F41EBE244827CC295CE7E580DA2F7E9F7CC3EFC1ABC6898E3C9ED
                                                                                                                                                                                                                SHA-512:28BF647374B4B500A0F3DBCED70C2B256F93940E2B39160512E6E486AC31D1D90945ACECEF578F61B0A501F27C7106B6FFC3DEAB2EC3BFB3D9AF24C9449A1567
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L...Q.d...........!.........0......g........0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..~............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\InstallOptions.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):15872
                                                                                                                                                                                                                Entropy (8bit):5.471472713414473
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
                                                                                                                                                                                                                MD5:D095B082B7C5BA4665D40D9C5042AF6D
                                                                                                                                                                                                                SHA1:2220277304AF105CA6C56219F56F04E894B28D27
                                                                                                                                                                                                                SHA-256:B2091205E225FC07DAF1101218C64CE62A4690CACAC9C3D0644D12E93E4C213C
                                                                                                                                                                                                                SHA-512:61FB5CF84028437D8A63D0FDA53D9FE0F521D8FE04E96853A5B7A22050C4C4FB5528FF0CDBB3AE6BC74A5033563FC417FC7537E4778227C9FD6633AE844C47D9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.px.q.+.q.+.q.+.q.+[q.+.~C+.q.+^R.+.q.+^R/+.q.+.w.+.q.+.Q.+.q.+Rich.q.+........PE..L...O.d...........!.........`.......+.......0............................................@..........................8......X1..................................X....................................................0..X............................text............................... ..`.rdata..G....0......."..............@..@.data...DL...@.......,..............@....rsrc................6..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\LangDLL.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5632
                                                                                                                                                                                                                Entropy (8bit):3.81833601044378
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
                                                                                                                                                                                                                MD5:50016010FB0D8DB2BC4CD258CEB43BE5
                                                                                                                                                                                                                SHA1:44BA95EE12E69DA72478CF358C93533A9C7A01DC
                                                                                                                                                                                                                SHA-256:32230128C18574C1E860DFE4B17FE0334F685740E27BC182E0D525A8948C9C2E
                                                                                                                                                                                                                SHA-512:ED4CF49F756FBF673449DCA20E63DCE6D3A612B61F294EFC9C3CCEBEFFA6A1372667932468816D3A7AFDB7E5A652760689D8C6D3F331CEDEE7247404C879A233
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................>..........:..........Rich..........................PE..L...P.d...........!........."......?........ ...............................p............@.........................`"..I...\ ..P....P..`....................`....................................................... ..\............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...`....P......................@..@.reloc..`....`......................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\System.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):5.805604762622714
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
                                                                                                                                                                                                                MD5:4ADD245D4BA34B04F213409BFE504C07
                                                                                                                                                                                                                SHA1:EF756D6581D70E87D58CC4982E3F4D18E0EA5B09
                                                                                                                                                                                                                SHA-256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
                                                                                                                                                                                                                SHA-512:1BD260CABE5EA3CEFBBC675162F30092AB157893510F45A1B571489E03EBB2903C55F64F89812754D3FE03C8F10012B8078D1261A7E73AC1F87C82F714BCE03D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L...S.d...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\UserInfo.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                Entropy (8bit):3.3417962237544945
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:qKYHC+J4apHT1wH8l9QcXygHg0ZShMmj3jkRTbGr7X:5piRzuHOXTA0H6jkRnGr7X
                                                                                                                                                                                                                MD5:D458B8251443536E4A334147E0170E95
                                                                                                                                                                                                                SHA1:BA8D4D580F1BC0BB2EAA8B9B02EE9E91B8B50FC3
                                                                                                                                                                                                                SHA-256:4913D4CCCF84CD0534069107CFF3E8E2F427160CAD841547DB9019310AC86CC7
                                                                                                                                                                                                                SHA-512:6FF523A74C3670B8B5CD92F62DCC6EA50B65A5D0D6E67EE1079BDB8A623B27DD10B9036A41AA8EC928200C85323C1A1F3B5C0948B59C0671DE183617B65A96B1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L...T.d...........!................~........ ...............................P............@.........................@"......l ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...h....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\bulgarian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2814
                                                                                                                                                                                                                Entropy (8bit):5.6485951248784625
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cWQcAXSvbyAHghw0zxh2fT2fBsqqCuE0zt0zG0v9bE2z9MQCQUD0zUDA/H8Me:wcpvxgy0zx6YIO0zt0zG0FbE2GQUD0zO
                                                                                                                                                                                                                MD5:594D2BEDF63951F83823D4FA574C84F2
                                                                                                                                                                                                                SHA1:0AAE73856C0D15D48E07B7C2886F2570C19A57C1
                                                                                                                                                                                                                SHA-256:B47A4E2EA78ED3897DBA74C36D90C318E8E6C093FC9CC37909A46594B1C9BAF9
                                                                                                                                                                                                                SHA-512:69F00FF04670A6B1CA4B7BB57622AEEFC7959E6BE7E9BB4D310D61CB296CADF1C9D2ABA8434691C253A56419761F6BB019C21BCF39CC0F710D277CE4474BB444
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ========================================== [ Bulgarian localization ] ===\..|..| Translators:.....: 2023.yyyy . Rusi Dimitrov;..| Last revision:...: 15.02.2023 by Rusi Dimitrov <npp[at]rdd.anonaddy.com>..|..\========================================================================== -->.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should hav

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\catalan.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1418
                                                                                                                                                                                                                Entropy (8bit):5.2886005682441795
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dqrO3SAybykOkHbCTbVfIQHWRYNEN6vOLToNfJVOLWoNdevoNwtsoNkbYjjNBMe:cqqSnbyAHg2R+vOLTOOLWeev9uhUjnMe
                                                                                                                                                                                                                MD5:A91DC3C39B0B52E500FE25D2BC362DCE
                                                                                                                                                                                                                SHA1:A27849E4280BF3D5268D68CC06291B9F2DCB445B
                                                                                                                                                                                                                SHA-256:F8D007309E59318C637897296AF82A3F49CDE999ED10DF42EE91170BCF1833F5
                                                                                                                                                                                                                SHA-512:8AEF9F71C25EA20DF944B5D311B0F2650D00417BAAD81E81030E85CDA4CCE0C8EE06DBC5D7E66BA01DF612C93849B3E361BE40D115FE9F25E8EE5C87C8CECFD5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2015 Adolfo Jayme Barrientos <fitojb@ubuntu.com>..... This file is part of GUP..... GUP is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Catal.">...<PopupMessages>....<MSGID_NOUPDATE content="No hi ha cap actualitzaci. disponible." />....<MSGID_UPDATEAVAILABLE cont

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\corsican.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2412
                                                                                                                                                                                                                Entropy (8bit):5.422006988693449
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2ZqoRtBpEWaWzO2f/2fB7GiqTGzvQBa59DThoYeeMe:xvxg8/PDcxGPacwnht
                                                                                                                                                                                                                MD5:93FB3BC8C4EB49316CED1903AAB93609
                                                                                                                                                                                                                SHA1:CD58DB529DDE949B8CA2D90839CD354A95E71EAC
                                                                                                                                                                                                                SHA-256:D47BC203766505B4426EA448129FC7866B892BC02AF708DAF3E8F9D334911F68
                                                                                                                                                                                                                SHA-512:E76D4FADC8C570F9F8B6E805ADC01BD300FDD8F00B1F1374FDB333A7A3A2EBD07CA158052C532A91673591A3160F9503D6E37B4811EC1CCD8CD6C5D3F1E009F1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->.... .. History of Corsican translation for wingup....- Created on February 13th, 2023 for version 5.2.4 by Patriccollu di Santa Mar

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\croatian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2134
                                                                                                                                                                                                                Entropy (8bit):5.458357830525038
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cffSvbyAHg2RYKLH2fbr2fBzXCkpGzLiURmKuQk96YzM8C9J7FMe:Lvxgv4Ucd0PhmKuQhx8e7b
                                                                                                                                                                                                                MD5:38C10E56D1CC3B6C6362C102C61D5ACD
                                                                                                                                                                                                                SHA1:7FCC0FCF2B296F18E5662C08A966DBF2A983BEA6
                                                                                                                                                                                                                SHA-256:C7DC095197CF73441ECBB241B68C756A62B8F0C071F85B5093BC0F5F948BDB1D
                                                                                                                                                                                                                SHA-512:2EF4007401427B7F24DCA5362BEFDBA8F9EFF89DEC41E7F26851379B181103C71389FC65989910ED268128F6BAC7A40B83D2730E0D4EBE598A80B4C00A86557D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Updated 2 April 2023 by Elvis Gambira.a (el.gambo@gmail.com)..-->.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Hrvatski" version="5.1.3">...<Po

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\czech.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2211
                                                                                                                                                                                                                Entropy (8bit):5.5728909154869966
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:csygHHSvbyAHg2RN252fG2fB+XTKNGz8Dmz5T9Uk2e9s0BMe:QKyvxggTLsV9Lrv
                                                                                                                                                                                                                MD5:5305808106F9358C10CCD81469B5ABC5
                                                                                                                                                                                                                SHA1:3E2526380473467AEF9FD9CD1E61339D20BA4416
                                                                                                                                                                                                                SHA-256:369F51628CA53FCC5CFBB02862E98E107C473D81DB07A8F72A0823128F12EA19
                                                                                                                                                                                                                SHA-512:4F401016AACC8830736ABFF4A38A8FDFB56512B8AAEABC2D517AFB4C5321AB6CA4DF655F5F951A737C6B17FC620C467B30B4F832C81A34395BC216F0713C6DB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ...- last change: 24/Feb/2023 by Ond.ej M.ller (mullero@email.cz)...- translation contributors: Ond.ej M.ller (mullero@email.cz), ..-->.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is op

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\english.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1985
                                                                                                                                                                                                                Entropy (8bit):5.3345221989872895
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2Rs8b2f72fB9r48GznEb9kcrajZnHyMe:xvxglfwyvH4
                                                                                                                                                                                                                MD5:377EA0394D5546D379F86C3FC3AD80A5
                                                                                                                                                                                                                SHA1:ED55837D307213F25DA587C86522AB4B1224E3BE
                                                                                                                                                                                                                SHA-256:2264B2A212F7762273091D80D162EE4099998F7CAA8C5399849D6884236A6B66
                                                                                                                                                                                                                SHA-512:8A1BDDA4FA0DE7B1A873DD7BD7F2F7542CA7895723691DDD0AA4F35F269133592CBB1E4516CA32D5191444A3595709949DD3717A1127E5EB1936118AE032A3A4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="English" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="An update package is available,

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\french.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1958
                                                                                                                                                                                                                Entropy (8bit):5.416329306825847
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RQtgq2yGzz9N+3g9CXV4jzcvMe:xvxgpC3lO4Yx
                                                                                                                                                                                                                MD5:52E398CA22DD0D5E3E0F92072210E872
                                                                                                                                                                                                                SHA1:990575A3D929D662C5D2CA3DCCFEBDFC98B61D88
                                                                                                                                                                                                                SHA-256:7294744B49DF0AE7DD428803E1663A918FBEFC39FC75AA30D597350D29E2E8B5
                                                                                                                                                                                                                SHA-512:C4B3E798DFCB685E301864CCACF256D8EC802B675880C38A55085FE5D8F9A6EFC67F7650B66818AFB6AF5792E44B67C71FDD34164F06DE9B9752990891533FBA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="fran.ais" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Une mise . jour est disponib

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\galician.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2045
                                                                                                                                                                                                                Entropy (8bit):5.424163408031029
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2Rjl2f/H2fBQrJ4Gz+11ozPwOC97VJnBzMe:xvxgV/UyBSyPwpD9
                                                                                                                                                                                                                MD5:FF7002BC05A62AD22078F8C3086FF0C0
                                                                                                                                                                                                                SHA1:FFD657E3EF026689ACD104061B963EC8B9FBA79D
                                                                                                                                                                                                                SHA-256:0A4A9674C5476A61755CBAE552E5F6CAFB507E137056332C9562560536D5E4C6
                                                                                                                                                                                                                SHA-512:9CCD72423C0565A75EBF951426785F03808518A1ACB4EC1722F58E0A00BAC743C3EAB982099484ECFDD7524C641CA708ADFC42AD92433C9AC2B6E9F202CF065E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Galician" version="5.2.4">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Hai unha actualizaci.n dispo.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\german.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3102
                                                                                                                                                                                                                Entropy (8bit):5.420087718763711
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:ciSvbyAHg2RV9Uqpfif3CpfxrtfkhCV+zv4Elh83JGYkcrafay1PRyWHyj6DMe:uvxg2eqFY3CFfkhCV+TD83UHNcWH5t
                                                                                                                                                                                                                MD5:5E8AEE546DA4976836B0F7D3A042304A
                                                                                                                                                                                                                SHA1:5C7856F74A9B54860F6550AB985F572C721E5E52
                                                                                                                                                                                                                SHA-256:6D457663C6FA12ADC8B2A02602E25DF988A591049439BD59658AFC88B2B7A767
                                                                                                                                                                                                                SHA-512:8DB3CE25597310A0D2DB5004DC7AF0C164F5882A55C5A3ED06161985F0D5D60601566F9080D3B34F67BD1EB6360B3888FC37B49B0B50EE5972F1580BC0D3AD80
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>.... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name = "Deutsch">...<PopupMessages>...... <MSGID_UPDATEAVAILABLE content="An update package is available, do you

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\indonesian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2043
                                                                                                                                                                                                                Entropy (8bit):5.383463751489097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RuS2f/YT2fBQojGzdJcakFz9qXiAJ6WMe:xvxgJv/YYyzxP7iC
                                                                                                                                                                                                                MD5:E24A747CD51C67FACA295C0E7BDA1265
                                                                                                                                                                                                                SHA1:07F10EF5491D1A65DDAC6B43FCF74F86622EF513
                                                                                                                                                                                                                SHA-256:A619C8328280D5B434C00F11B83C0A557A316CC9CB2616264AEC6061E9121649
                                                                                                                                                                                                                SHA-512:B1AA9A6E1C798F9A51560AD2C6D5E426D3CC418F0F78B42F4B3DF4C7F118BC0F6B6418ACC6F6F0245D8758B238F054B93DE59A99C46151751849C1033D42C5C9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Indonesian" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Sebuah paket pembaruan terse

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\italian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2052
                                                                                                                                                                                                                Entropy (8bit):5.352890103401795
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c+SubyAHr2RlSZ92f/3t2fBQz7TGzbIaUKKaep9jTBZSSKMe:cuxrdE/+y3a/NLoBA
                                                                                                                                                                                                                MD5:6BFBE84BB770692AAAB5961548ED5314
                                                                                                                                                                                                                SHA1:D6A7BA2A763D8A26DAB03FB0A62FC2CDFB270FC2
                                                                                                                                                                                                                SHA-256:3E02C80B0E3C02DEBB9E0F205BABA9F77354F12921C664280034A9B748583DED
                                                                                                                                                                                                                SHA-512:9EA9695CC73B0B47669EB1C87048023696EBB1BE8515AD9D68C0F28D4C5DA587E1D25BEEC9E4E4CBABE22284C920A30043AAA529154B3E5A39A81771F183AC9F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.. GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Italian" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content=". disponibile un aggiornamento: scar

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\japanese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                                                Entropy (8bit):6.049847215483342
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:cwOJSvbyAHg2R8nPGc2fYu2fBRiGGXFGzNUTU7bCXrQ995G52dLPrnMe:xvxgHE6y0ygWc511
                                                                                                                                                                                                                MD5:DDA944C3D3D96413F0086FC158452B6E
                                                                                                                                                                                                                SHA1:6DA4A71DB292D2F039735B194A6897DC72333BAE
                                                                                                                                                                                                                SHA-256:6C6F5A3BB84821F19DEF68D70D07E73492803093D7F37F743F3197BF5A04A44E
                                                                                                                                                                                                                SHA-512:1556DEE5036667FF0823A8646497F8081CC0DB92656BB9FACE39FE39803C75C2F7A0AA541357DD8338CBF1C8A80EA9D47C98E0F830CBAF006F84B61917102809
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>.. Copyright 2023 MISE Yasuhiro.... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Japanese" version="5.2.4">...<PopupMessages>....<MSGID_UPDATEAVAILABLE conten

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\portuguese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2118
                                                                                                                                                                                                                Entropy (8bit):5.430676639243166
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2R+oFXp2f92fBh6wGz74jGaKa9qQe51YSuwuMe:xvxg5eS+yv3tbu
                                                                                                                                                                                                                MD5:BE987CF4FA7B3B7B92435101DF147B71
                                                                                                                                                                                                                SHA1:40521C5F2E26556C14CC6EB0D9A2667ADF5DCFE6
                                                                                                                                                                                                                SHA-256:EAC35C9AFE2BCBF750113C55E44369E7765DA8B277924C6555E6022ED328A40F
                                                                                                                                                                                                                SHA-512:CC90150AFDDBA9888DFCDC9CC6165BEA2D1916A15447DE2532E6574DFD0BBE1B7FD58FB35270527E350652DF7ADD4D91FCEFACCAC7CA8F8681B68B178C31FADC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Portugu.s" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Est. dispon.vel uma nova a

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\russian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2097
                                                                                                                                                                                                                Entropy (8bit):5.666920920797516
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RH5v1RzMRmJkR8kcra192RrvMe:xvxgG5vCmIZYd
                                                                                                                                                                                                                MD5:E624E7D4BEA38DE2F1FC9C4E6D98AABD
                                                                                                                                                                                                                SHA1:FC517EDEBFB98C7B1E90F30E2CDE5DF1EA1D6A9A
                                                                                                                                                                                                                SHA-256:B02BF73815217FBE1FACC3690E2EBDD34B3A4170C9DBAEF699387854DBCB6F6E
                                                                                                                                                                                                                SHA-512:AB6B81C22787EE996CF4B16A072818A65E314A6C68E9F5C3992B90F89C30A6303F0CE42B5E70CC7296717053AE1B523AFFC53B114598A1988BCDF9B48090AB65
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name = ".......">...<PopupMessages>.... <MSGID_NOUPDATE content="No update is available." /> -->....<MSG

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\slovak.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2097
                                                                                                                                                                                                                Entropy (8bit):5.539028021239655
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2RQxbt2fI2fBzuDMuGz6zEb9bteneQaLMe:xvxgPwhr1exnQl
                                                                                                                                                                                                                MD5:0C2A25CAF7FAB01292FADA38C4CD8456
                                                                                                                                                                                                                SHA1:A02ADAB4BB2D6D2FE9FB707C2EB75E4A0956D4DA
                                                                                                                                                                                                                SHA-256:5458275A3DEEC52075EB36C1B7C92292F7CAAEB59C320518A4DB4D19ED4DAE55
                                                                                                                                                                                                                SHA-512:C5370010BF3898CEFC1F23E92017E937EA9BD518EAFFCC27219390F75C7449662C40694122674C9F7842E03E0BEB323393DA165DE00BB558812DBB4E2468864F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Slovak" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Aktualiza.n. bal.k je k dispo

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\spanish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2061
                                                                                                                                                                                                                Entropy (8bit):5.40261723551305
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:ca4SvbyAHg2RzyQy2f/H2fBQjncwGzwNQOzyC9VXVO1LCBczMe:XvxgAP/Uyjcv9gRlOsBc9
                                                                                                                                                                                                                MD5:2652446EC6716CB6D2AE83A3CCC81F2C
                                                                                                                                                                                                                SHA1:4175FBF3E3A83CA13FBC059D07D6950E70E91407
                                                                                                                                                                                                                SHA-256:7F14456DF2D1D7389458C6C02DC3C4A0A4F0CEC34C322ED8CAD12E9D0BA87B5F
                                                                                                                                                                                                                SHA-512:D5CC5D71AEACE7208E0F917B84E55E630F5AC9B42DCFD29797FD3B4DFA38A307E731C7B94610501AB3F49FA077A56F4884FE6AA7BC1F730BC7320410692AB3F8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2023 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name = "Espa.ol" version="5.2.4">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Hay una nueva actualizaci.n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\swedish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2114
                                                                                                                                                                                                                Entropy (8bit):5.4042947412433
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c1SvbyAHg2Rbi2fi2fBnxgqmFGzbnOpLX0T92frdWVmMe:xvxgW//11R3n4
                                                                                                                                                                                                                MD5:E4C50C92EF5914113D77B7965C977C23
                                                                                                                                                                                                                SHA1:E61C768BB576830AA24416118907D406B9202081
                                                                                                                                                                                                                SHA-256:D96BC4C13CD085AE7982373904ED6D834008F72485DF51F3D418161DE03D33B3
                                                                                                                                                                                                                SHA-512:0DDF627E7B7D0734DFBE307DC8E17F6203452922F9A7CF752109B825707FC10401B509305706F089D42E1DD56C35B6F1D3E15A4569911DAD7A540A37C2CFEF02
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>..... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Swedish" version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content="Ett uppdateringspaket .r tillg

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\taiwaneseMandarin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1793
                                                                                                                                                                                                                Entropy (8bit):6.151924034041682
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:ciSvbyAHg2RGUer5Gzd73p03Q9I00XfSMe:uvxgJUe8573oxvY
                                                                                                                                                                                                                MD5:AD796EE6C067B68FB5047A2132149475
                                                                                                                                                                                                                SHA1:8617F3484FE879B2777849D4361BE06510E3BCC3
                                                                                                                                                                                                                SHA-256:AD98E7A459957A9FF0A59E1B7F904E193A8B046808398C855514746981C9DB45
                                                                                                                                                                                                                SHA-512:10600EC20EB88AE9CA8FCDC7057D56B551553D3DCC54E36F7B624C9FC6BDD3FFB129AA4B027068DA9F456E142126A7E10176F844E86BFC4AC1CDCB5EC1A96E00
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2021 Don HO <don.h@free.fr>.... This file is part of GUP for Notepad++.... GUP for Notepad++ is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version..... GUP for Notepad++ is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details..... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="...." version="5.1.3">...<PopupMessages>....<MSGID_UPDATEAVAILABLE content=".........

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\gupLocalization\vietnamese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1488
                                                                                                                                                                                                                Entropy (8bit):5.59409820840344
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:2dQvWFnO3S3ybykOkHbtTbVfIQHWRvzBNEN6uoNLWRnoNQF2zoNwUzYn/MoNH2Nv:cQvCOSibyAHr2Rvzgh5FF2z98Yn/M+EZ
                                                                                                                                                                                                                MD5:2C3064208415D73E8B1D4C68C49121C1
                                                                                                                                                                                                                SHA1:1BA81F814A9765A1A85F4C862DEF3814E37DD448
                                                                                                                                                                                                                SHA-256:CFA10479BE9FA34C0D67AAD90294E79CF20CC02325CBAFB99C14356AEFE975E3
                                                                                                                                                                                                                SHA-512:F9709107EBF8E7015F3C09FD30D1D8101F66C826684F6F1A340A083501C9F3A678670F74C49CD03FEBFE237A9390537829D098CBC7CB33B24D406B84A98A37EF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. .. Copyright 2015 Juno_okyo <junookyo@gmail.com>..... This file is part of GUP... GUP is free software: you can redistribute it and/or modify.. it under the terms of the GNU Lesser General Public License as published by.. the Free Software Foundation, either version 3 of the License, or.. (at your option) any later version... GUP is distributed in the hope that it will be useful,.. but WITHOUT ANY WARRANTY; without even the implied warranty of.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the.. GNU Lesser General Public License for more details... You should have received a copy of the GNU Lesser General Public License.. along with GUP. If not, see <http://www.gnu.org/licenses/>...-->.... This file is optional.-->....<GUP_NativeLangue name="Vietnamese">...<PopupMessages>....<MSGID_NOUPDATE content="Hi.n t.i kh.ng c. b.n c.p nh.t n.o." />....<MSGID_UPDATEAVAILABLE content="M.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\ioSpecial.ini

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                                Entropy (8bit):3.714866748199215
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:Q+sxvtSSAD5ylSjqWCs7y6J9at9nU6k8l/rYCxGedwCk6xVrWbYpspn8aH65Otrq:rsx9AQSjqQz9aM8l/fBdbV2hn8aNt50n
                                                                                                                                                                                                                MD5:353D5424F23B41E94DC95ED339C7ECBF
                                                                                                                                                                                                                SHA1:845B8401B8F6E3F624BF371F75D305F786351058
                                                                                                                                                                                                                SHA-256:FD63C8260578C759C603B24143B2C3883DE266F0A5743219003DB4FE6A364CC9
                                                                                                                                                                                                                SHA-512:61DBDCE70A3A704743A7EAB06760382A270A516DAE1EA81F4772F51938E916772B48B7931E8ED06382004DB337472555C175233FEAF8A366EAA07986E35DA99C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....C.a.n.c.e.l.E.n.a.b.l.e.d.=.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.g.C.B.E.2...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.4.5.9.8.6.4.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .N.o.t.e.p.a.d.+.+. .v.8...6...7. .S.e.t.u.p.....B.o.t.t.o.m.=.3.8.....H.W.N.D.=.4.5.9.3.7.6.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.N.o.t.e.p.a.d.+.+. .v.8...6...7. .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.r.\.n.\.r.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\modern-header.bmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 150 x 58 x 24, image size 26218, resolution 2834 x 2834 px/m, cbSize 26272, bits offset 54
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26272
                                                                                                                                                                                                                Entropy (8bit):7.678070294241038
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:QmeFh1hjNBSZ3eD4X9d5VmRzR5vTORVINvG6Hj6:sfDjNQZMI/VmRzXvTkVeGY2
                                                                                                                                                                                                                MD5:56DA15FDB8D96F8F5C649DCB5E79D775
                                                                                                                                                                                                                SHA1:157E19E89C5FC690A67E3E3E4786EDFCE917949C
                                                                                                                                                                                                                SHA-256:BB90D4338D2474138473E6B16E94B0237EE847BEA45019ED0DD4439C71BD233E
                                                                                                                                                                                                                SHA-512:341157E6D6A6A445223D7E0B48F6887B32A0F68FA024FE6D3511B8E5F4664BFE25EE8B9C1C9CF6D80DB1DC3B0383BCEC76B385D36AFF176B64A4FEF57E81A8B6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM.f......6...(.......:...........jf................../W.0X./Y./Y.,V..W.0\.0].0].0^.0`.0`.0a 1a"1b$1c$0e&0e'0e)0f*0e*/f,0h.0i.0h/0j10j10k30m51n61p83r:4t<4v>5x@5xA5zA5zD5zE6}G8.I8.J9.M:.N9.O7.N7~P7.Q8.S;.U;.X:.W<.[<.\;.[<._=.bA.iA.i?.f@.k@.kB.pC.rC.qB.rC.tE.wD.wD.tD.wE.{E.|E.yF.}F..F.~F..H..H..H..H..J..J..I..J..L..L..J..J..M..O..N..J.L..P..O..S..T..Q.V.^..^._.e.i.n.v.x.w.{...........................................................................................................4^.0X.1[.0Z.,U./[.3_.2`.1_.1a.1a.0_ 0a!0b#1c$1d$0e&0e'0e(0f*0f+0g,1h.1i/1j00j00j20j30k40n60n61o91p:2r<3t>3t?3vA3xC5zD5zE6zG6zH6{J8.M9.P9.P7.Q6|P7.R9.T:.V;.Y<.\?.`>.a=._?.eC.iA.hA.jC.nB.oC.qD.rD.sC.sC.tD.wE.xE.zE.{E.zE.wE.{E..F..F.|G.|G..H..H..H..H..I..I..K..J..J..J..L..N..N..N..K..M..Q..L.P..V..T..U.].a.d.g.j.n.u.y.w.z.~........................................................................................................7`.7`.0Y.,U.,T.4`.7e.3b.4c.6h.6h.0^ ,\ 1b"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\modern-wizard.bmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 2834 x 2834 px/m, cbSize 154544, bits offset 54
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):154544
                                                                                                                                                                                                                Entropy (8bit):7.700864402260379
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:NKrK243U6RNfWAKVZ17e28FTfWDG7wFlF9:NKW3UMfWTpe2eODG7UF9
                                                                                                                                                                                                                MD5:C2CF6928A3AB574A5548B4DC1C38B6C0
                                                                                                                                                                                                                SHA1:8860FF529F60B38A93912F88F234D46EEBCF664F
                                                                                                                                                                                                                SHA-256:2125550C12FA512782F2016E802D70BC51F4A06017CFBD4176B4A994EB2542F0
                                                                                                                                                                                                                SHA-512:FB6B28F2677B1418F8EBF621DD1E201B127B53B998C02300CAA66A9F374F681961F5B9A7F843D6082821890DF9E3D91A3403B4F83D70D155E9C841893E1F80E4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM.[......6...(.......:...........z[..................8a.5].0W.-S.,R.0W.7_.0W.-S.4\.3[./V.5\.6^.3[.2Z.0W..U.,R.-S.5].6^.4\.6^.7`.7`.5].+P.-S.7`.5].0X./V.0W.2Z.4\.7_.-S./V.4[.2Z.-S.+P.+P.4\.6^.5\.1Y./V..U..T.2Z.6^.6_.6^.6^.5].5].5].2Y.6^.7_.2Z..T..T.2Z.1Y.-S.-S.3[.4\./V..U.,R.-S.5].5].0W.0W..T.-S.,R.-S.0X.4\.2Z.6^.7_.6^.0W./V.0W./V..T..T.-S./V.-S..T.5].7_.7`.7_.2Z.0W.1Y.0W.0W.0W.0W.4\.6_.6^.6^.1Y.4\.2Y.1Y.2Y.0W.0W.0W.1Y.1Y.2Y.2Y.4\.7`.6^.3[.4\.4\.5].5].5\.5].5].1X./V.-S.,R./V.4\.1Y.0W.1Y..T.-S..T.0W.0X.2Z.5\.2Z.0W./V.1Y.1Y.0W./V..U.,R./W.2Z.8a.5].1Y.-S.,Q./W.7_.0W.-S.4\.5\.1Y.4\.6^.1Y.2[.0X./W.0W./V.6^.6^.1Y.2Z.6_.7a.3[.+P.0W.8a.5^.0Y.0V.0X.2Z.4\.7`.0W.0X.5^.4].0X.,R.+P.3[.5].5].2Z./V..U..T.2Z.6^.6_.6^.6^.5].5].5].3[.6_.7`.3[.2Y.3Z.4\./W.,S.,R.0W.1Y.,R.,R.+P.+Q.3[.5]./V.0W.-T.-S.,R..U.1Z.4\.3[.6_.6_.7^.2Z.1Y.1X./V..T.-T.-S./V.-S..T.3\.5].6_.6_.1Z./V.2[.0X.0W.0W.0W.2Z.6_.6_.6^.1Y.4].3[.3[.4].3Z.2Y.0X.1X.0X.1Y.2Y.3\.7`.6_.2[.3\.5].6^.5^.5].5].4\.0X./V.-S.-S.1Y.4\.1Y.0W.1Y.-R.,Q.,R./V./W.1

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\abkhazian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):110064
                                                                                                                                                                                                                Entropy (8bit):5.492424062735476
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:7MQVX2sq8QQNNfaQzBAt1rGUUH0s8WU+B:ZThQE
                                                                                                                                                                                                                MD5:52351AB95F1003EF0F307892213B4ADC
                                                                                                                                                                                                                SHA1:4652C5ACE2418A4CC7E3C3D244FFBC40EA658B39
                                                                                                                                                                                                                SHA-256:96D253EEADE617EADA18BA88AA341E6BDDA346D36724ECB65975C30C5B97B44A
                                                                                                                                                                                                                SHA-512:396013063ECD41EE69B161B20593163AD1B352EA77FFB8FDE06BD6D8452C3227929362A6FD5B794127CE29EEC7374ACD14D031C55AF61867AE5DDCAF4B310F73
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Abkhazian translation for Notepad++..Updated to v8.2.1:..- added new lines..-->..<NotepadPlus>...<Native-Langue name="....." filename="abkhazian.xml" version="8.2.1">....<Menu>.....<Main>...... ...... .... -->......<Entries>.......<Item menuId="file" name="&amp;....."/>.......<Item menuId="edit" name="&amp;........"/>.......<Item menuId="search" name="&amp;......."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;..........."/>.......<Item menuId="language" name="&amp;............."/>.......<Item menuId="settings" name="&amp;........."/>.......<Item menuId="tools" name="&amp;.........."/>.......<Item menuId="macro" name="&amp;.........."/>.......<Item menuId="run" name="&amp;.........."/>.......<Item menuId="Plugins" name="&amp;.........."/>.......<Item menuId="Window" name="&amp;...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\afrikaans.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23333
                                                                                                                                                                                                                Entropy (8bit):5.040654990401239
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nKDMkZBxHY2SxylY+FG5jQFo+uPMA0X+0xgQFjfbNPJ9hXGFE24o9dTge:nOO2SxiHPrugLT128e
                                                                                                                                                                                                                MD5:5E30C8DCF626F593E2A6D5221D2725E2
                                                                                                                                                                                                                SHA1:96C14ACAFE2A314ECB19F3E0D44814DA3742383E
                                                                                                                                                                                                                SHA-256:2C730B6F428DFBE6F5E99B77BD3376573D860E8DAC7E4C72EFD289754DF37726
                                                                                                                                                                                                                SHA-512:7F1BBFAB39E46183A8150FCB2D0B692F228DCE2D15CF8368D533A1E3B625DC2CEB87FAA70B050E6D5B62AE60FCB6F2BFF2DF0CC9DACCBC6EA8AB9CA725A95645
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Afrikaans" filename="afrikaans.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Le.r"/>.......<Item menuId="edit" name="&amp;Redigeer"/>.......<Item menuId="search" name="&amp;Soek"/>.......<Item menuId="view" name="&amp;Uitsig"/>.......<Item menuId="encoding" name="&amp;Formaat"/>.......<Item menuId="language" name="&amp;Taal"/>.......<Item menuId="settings" name="&amp;Stellings"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Loop"/>.......<Item menuId="Plugins" name="Inkoppeling"/>.......<Item menuId="Window" name="Venster"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Kopi.er Na klipbord"/>.......<Item subMenuId="edit-indent" name="Inspring"/>.......<Item subMenuId="edit-convertCaseTo" name="Verander register"/>.......<Item subMenuId="edit-lin

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\albanian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):44414
                                                                                                                                                                                                                Entropy (8bit):5.163372968117245
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nQPX6Jb7zbDOuVUPqoEjTlyaG4CwWojet5CWJxOX7xjBuvu6VgHfSXJ+JUMLht7H:nQiJbTDO8SqoYTljG4CwWojTdsGAylSe
                                                                                                                                                                                                                MD5:2A7503F7CB5A8B30A8F373E11122C751
                                                                                                                                                                                                                SHA1:3B16253293EF0E41CE240F18A6A8E7AFD3F6EAD2
                                                                                                                                                                                                                SHA-256:C0AFF6D9D796A7E44A86881AF0C4311792F46906DA9051AEA71B2053046302B3
                                                                                                                                                                                                                SHA-512:955C6C545079BF671089593F4EAC26F7F09ED92E10A66B0BE325D4D62CA21BFC1E6F5AB1D77C14C179B46EE8B39FAB65E1E55CD3B0CB5DDE1DBDCBBC1534F8E2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Shqip" filename="albanian.xml" version="6.7.9">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Filet"/>.......<Item menuId="edit" name="Ko&amp;rrigjo"/>.......<Item menuId="search" name="&amp;K.rko"/>.......<Item menuId="view" name="&amp;Shfaq"/>.......<Item menuId="encoding" name="K&amp;odimi"/>.......<Item menuId="language" name="&amp;Gjuha"/>.......<Item menuId="settings" name="&amp;Rregullimet"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Ekzekuto"/>.......<Item menuId="Plugins" name="Shtojca"/>.......<Item menuId="Window" name="Dritare"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Hap dosjen e p.rmbajtjes"/>.......<Item subMenuId="file-closeMore" name="Mbyll m. tep.r"/>.......<Item subMenuId="file-recentFiles" name="Filet e fundit"/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\arabic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (356), with CRLF, CR line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):76842
                                                                                                                                                                                                                Entropy (8bit):5.403660944154806
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:YzfKzz0KIjoUZb0zO/1/OUzUt6Rj1ZPjuPbMxkRHraR8spAe:15M1/OtBbMxkRLahj
                                                                                                                                                                                                                MD5:2B738896CB3B34D0364A5C5DDBF10471
                                                                                                                                                                                                                SHA1:D8A716D2AA65E13685CFE42CD72A3084363969DD
                                                                                                                                                                                                                SHA-256:8116EC23550DF70EED8DED13EAB208FC703A7344DCFBBA4FA5043BB63ED487C4
                                                                                                                                                                                                                SHA-512:6991FEA418F45F2E9F741B62EDC1288CE994AD3A862A71F80444F5A56D36C4C8EB500B55B77E5F02D3BD5268668B2F5D7D32902E1DD31878A64DCB22643C1C9C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.. .. URL: https://www.w3schools.com/xml/xml_syntax.asp.. - &#xD; is (\r) new line .. - &gt; is (>) and &lt; is (<).. - &amp; is (&).. - &apos; is (').. - &quot; is (").. -->..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Arabic" filename="arabic.xml" RTL="yes" editZoneRTL="no" version="7.7.2" -->...<Native-Langue name="Arabic" filename="arabic.xml" RTL="yes" version="7.7.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;..."/>.......<Item menuId="edi

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\aragonese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (785), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):43935
                                                                                                                                                                                                                Entropy (8bit):5.180126936861544
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Mz2urr8cZRclNTdvf6vHJmH8dyDxcRNf8WzhMmro1uaYm85Pf:MiG7YM/JmH8dQxcn8MhsuQ85Pf
                                                                                                                                                                                                                MD5:AA7A40CDFD58F398693EF69987D335D4
                                                                                                                                                                                                                SHA1:23946B7AA85AB4EC0FA0B6287F106F9907739878
                                                                                                                                                                                                                SHA-256:AE6AC98C3F17B953ACF0E4061CE5F964DF840D8E6FCF085120220023BEEE8452
                                                                                                                                                                                                                SHA-512:A2DA86E49EC35C34EA17A7BEE2790EED4C7A5383D3400585359AF3F9C84342B01D83F30D68FD25FFD61D4CE7186ACF1867DA896D565AD7AD54C0FE877749F903
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Aragonese localization..for Notepad++ 6.4.5..Updated 28 Sept 2013..By Ches....s D. Trigo [xuxinho7@gmail.com] & softaragones [softaragones@softaragones.org]..-->..<NotepadPlus>...<Native-Langue name="aragonese" filename="aragonese.xml">....<Menu>.....<Main>......<Entries>.......<Item menuId="file" name="&amp;Fichero"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Mirar"/>.......<Item menuId="view" name="&amp;Veyer"/>.......<Item menuId="encoding" name="Co&amp;dificaci....n"/>.......<Item menuId="language" name="&amp;Luengache"/>.......<Item menuId="settings" name="Co&amp;nfiguraci....n"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecutar"/>.......<Item menuId="Plugins" name="C&amp;omplementos"/>.......<Item menuId="Window" name="F&amp;inestras"/>......</Entries>.......... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyT

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\aranese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16637
                                                                                                                                                                                                                Entropy (8bit):5.131942059833548
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:hA7CeIc/42pl5Xwe6Cb9h1R0sd/vW40AZp8jWv3PYelOvFLldexe7cQYdta/FFOh:hG7pf5Xwe6AtZpXQLtYVKZatfbUe
                                                                                                                                                                                                                MD5:19BB9F15D21DD89ADF0CECE3203FFF77
                                                                                                                                                                                                                SHA1:0FEFDC4460A591987DC37B5A8FA5085AE05A2A2A
                                                                                                                                                                                                                SHA-256:CB1DBA6EE8BE55CFB7EDD70F8678C084643FC0F384F98F248B1EEB2A4A5EDAAA
                                                                                                                                                                                                                SHA-512:70E28CE833475A7C154C5DB3A6BB3DCAF843CC5D5E3F34FFB0B6FC6697FE90DD816B071F146CD9E97536D7F1FEB37397376D23A849ADB7822DBDBD9A5FC60F02
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="Aranese" filename="aranese.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Archiu"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Cercar"/>.......<Item menuId="view" name="&amp;Veir"/>.......<Item menuId="encoding" name="Fo&amp;rmat"/>.......<Item menuId="language" name="&amp;Lenguatge"/>.......<Item menuId="settings" name="Con&amp;figuracions"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="La&amp;n.ar"/>.......<Item menuId="Plugins" name="&amp;Peda.i"/>.......<Item menuId="Window" name="&amp;Hiestra"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Comprimir eth niv.u"/>.......<Item subMenuId="view-uncollapseLevel" name="Expandir eth niv.u"/>......</SubEntries>........ all menu item -->......<Comman

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\azerbaijani.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27635
                                                                                                                                                                                                                Entropy (8bit):5.290579231517859
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nMp38joViIIs12cgkSJ08Vxf3cizYtq8rK7SL48FMZFydOaEIA6k9b9AOS71cDjT:nMZpQk4z8MZOyO9IjxV3KqLvq8fse
                                                                                                                                                                                                                MD5:16FDD2B783C711DDC050CDDE5B0BF58B
                                                                                                                                                                                                                SHA1:970141B5DE0573C87E0A76A78BF971E6E355E3AD
                                                                                                                                                                                                                SHA-256:89FE78EFA8F04774F4F42474A4D209D5BDEBC7382E49C4AE9618088A85CCBB2D
                                                                                                                                                                                                                SHA-512:BFB04B69DAEFB515BC8B01E4DC357E980130146F6EC0687512EE8BA40BE93981EF787EF9B7B737B89652227BF52E99F3D9B48FA425ED0D28184F2017FFDB34FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Az.rbaycan" filename="azerbaijan.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="Fayl"/>.......<Item menuId="edit" name="Redakt."/>.......<Item menuId="search" name="Axtar"/>.......<Item menuId="view" name="G.r.n.."/>.......<Item menuId="encoding" name="Kodla"/>.......<Item menuId="language" name="Sintaksis"/>.......<Item menuId="settings" name="Nizamlar"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="... sal"/>.......<Item menuId="Plugins" name="Plaginl.r"/>.......<Item menuId="Window" name="P.nc.r."/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Buffer. kopiya et"/>.......<Item subMenuId="edit-indent" name="Abzas"/>.......<Item subMenuId="edit-convertCaseTo" name="H.rifl.rin registerini d.yi."/>.......<Item subMenuId="edit-lineOperat

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\basque.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (365), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):87185
                                                                                                                                                                                                                Entropy (8bit):5.163399615098203
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:cLTLPqauoRUBVikyQySAbbI2hjjisdXlpCe:cOoRUBVikyQybb1UsdX75
                                                                                                                                                                                                                MD5:C4F012A9FF57B29A2AB3C552BC0CB164
                                                                                                                                                                                                                SHA1:11427E812A4CC751BEABC269C71A91FCD3344D4A
                                                                                                                                                                                                                SHA-256:D963B545520CE104C91CF0F6FC21BA932EFAADFE8A2C03A90490F81A9EFB1B93
                                                                                                                                                                                                                SHA-512:F16D26337E436A91AD643E14C7C5A6FF5170BB564783A8A7FFF4C1BB8512710A2CD05A9CE7010F7E12E7A11C09190921C688AA8DFDFED9EE3F2AD63F0E9C2C78
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="Basque" filename="basque.xml" version="8.3.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fitxategia"/>.......<Item menuId="edit" name="&amp;Editatu"/>.......<Item menuId="search" name="&amp;Bilatu"/>.......<Item menuId="view" name="Ik&amp;usi"/>.......<Item menuId="encoding" name="&amp;Kodifikazioa"/>.......<Item menuId="language" name="&amp;Hizkuntza"/>.......<Item menuId="settings" name="E&amp;zarpenak"/>.......<Item menuId="tools" name="&amp;Tresnak"/>.......<Item menuId="macro" name="&amp;Makroa"/>.......<Item menuId="run" name="E&amp;xekutatu"/>.......<Item menuId="Plugins" name="&amp;Pluginak"/>.......<Item menuId="Window" name="&amp;Leihoa"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Ir

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\belarusian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):116152
                                                                                                                                                                                                                Entropy (8bit):5.458387519445203
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:WLKmnu/goo5zBvZCYW9W5nlPmsik+GO88I7cC4ISXZ+Gg+uDPYwYv++z6VVLD6e9:WHnWYWoO88I7cC4ISfWg6VVLD6eqIrr
                                                                                                                                                                                                                MD5:1805089EDE42AD40715F7FE43B3571DB
                                                                                                                                                                                                                SHA1:B9D175A00F4520C8E89401682E01AD71EC45F317
                                                                                                                                                                                                                SHA-256:08C3DF713CB24F97144FD506C6B07A50DDCEA5518BA6D7CAABAFE24F58B006C5
                                                                                                                                                                                                                SHA-512:EEBA8D4E185DDF31B82478C6D345BB36A6D594637F9350133D014BB9138A8A805FB0A82FDD4F3EDAAD81831B85D21FA9BC099E2A01A0FBDE89FA8ED15A71CD3A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name=".........." filename="belarusian.xml" version="8.4.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="......"/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......"/>.......<Item menuId="encoding" name="........."/>.......<Item menuId="language" name="........."/>.......<Item menuId="settings" name="......"/>.......<Item menuId="tools" name="..........."/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="........"/>.......<Item menuId="Plugins" name="......."/>.......<Item menuId="Window" name="...."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\bengali.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):58583
                                                                                                                                                                                                                Entropy (8bit):5.131904211175118
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:hGflh+sclCc/jgJeZzXM2MymdgoMo3TWrXFC+e:helctjGeZzix3T8C+e
                                                                                                                                                                                                                MD5:24D3DCEEFDD6847AEE0BDC200F1CC4A5
                                                                                                                                                                                                                SHA1:B65423C5EA51FF8D0F29120A5A686E8152562D7F
                                                                                                                                                                                                                SHA-256:AF25815F922DBF6F2791F975CA32C2509809FB24931CA4CCACFB06FE108E300E
                                                                                                                                                                                                                SHA-512:A8F8B29CFC6F2232739D130A53A2D19CD1FD51AC95A6DC1C57AFACDD987CD4F506D73FDA392018BE8235270352BF9FE9F8DE07884B1429F1B2A0148315FF0528
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="......" filename="bengali.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....... ..."/>.......<Item menuId="search" name="&amp;........."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;......."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......."/>.......<Item menuId="macro" name="........"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="......."/>.......<Item menuId="Window" name="......"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".... ...."/>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\bosnian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27222
                                                                                                                                                                                                                Entropy (8bit):5.115716374696929
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:QKownzknjJkjYeRIwTPWH3XNMLkLqaX5QE+f1ALPYW85HL:QKowDjYeLeH3dMwqaXx+I0L
                                                                                                                                                                                                                MD5:5DEBAF680F16F521F6283486E8E857A1
                                                                                                                                                                                                                SHA1:927C6FA14581D4EA26313FD0FC2E6EE62CAFF99B
                                                                                                                                                                                                                SHA-256:AD39AE78687DC1B24B9E5FE68662C6C664CD027CE2BCF5256DA78864192A078F
                                                                                                                                                                                                                SHA-512:88BCD23B4F9EDE82D2BD5CD360139DFABB67C800792C10CC1CC7E8F9EAE403AD08457F0808BB03AC86A673ACA87D161E450FBEE7D84D496AC693AF4768DD35EC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>....<NotepadPlus>...<Native-Langue name="Bosanski" filename="bosnian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Datoteka"/>.......<Item menuId="edit" name="&amp;Uredi"/>.......<Item menuId="search" name="&amp;Pretra.ivanje"/>.......<Item menuId="view" name="Pri&amp;ka.i"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Jezik"/>.......<Item menuId="settings" name="Po&amp;stavke"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Pokreni"/>.......<Item menuId="Plugins" name="Dodaci"/>.......<Item menuId="Window" name="Prozor"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Kopiraj u privremenu memoriju"/>.......<Item subMenuId="edit-indent" name="Uvlake"/>.......<Item subMenuId="edit-convertCaseTo" name="Prebaci slova u"/>.......<Item subMenuI

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\brazilian_portuguese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):102816
                                                                                                                                                                                                                Entropy (8bit):5.257130383949212
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:naEDuUNk1DS/5B6dxfTyDAk0mGb9vwlYvWZPEhXpCVwRe:naES85KxBL9vwlVGp3e
                                                                                                                                                                                                                MD5:8A930034A06753A6821BA757D0A1F6BE
                                                                                                                                                                                                                SHA1:80DAE5DC774E60CDC5D9D81E96ADC3FC9957407E
                                                                                                                                                                                                                SHA-256:19BA773E73AB348EAB38D279A978BD70F5BD807EFE42AD8A260DF593A1038D35
                                                                                                                                                                                                                SHA-512:62727A5E9203685AFD67F86A343902952C0EC31E1C5D8ECB0F35FC965D5F36EFD392A24E54861AA52AD83786903C713D12222C5BF81331DF4C14451F7BCA11E1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Brazilian Portuguese by H.lio de Souza and Luxy, updated: Jul 2021, for Notepad++ 8.1.2, last update by Marcello, 10 Mar 2024, for Notepad++ 8.6.5..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Brazilian Portuguese" filename="brazilian_portuguese.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Arquivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="Locali&amp;zar"/>.......<Item menuId="view" name="&amp;Visualizar"/>.......<Item menuId="encoding" name="&amp;Formatar"/>.......<Item menuId="language" name="&amp;Linguagem"/>.......<Item menuId="settings" name="Confi&amp;gura..es"/>.......<Item menuId="t

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\breton.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):67044
                                                                                                                                                                                                                Entropy (8bit):5.23031275052803
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nbY/Ch3io5XNAueqPDvysIaH4suns00p0e:kuSoN+BqPDLIeH
                                                                                                                                                                                                                MD5:5E969C2F4A0403AFEF3EA1261BAD61B2
                                                                                                                                                                                                                SHA1:92F99BEC3E4C079199F24CF64162930C3816E39A
                                                                                                                                                                                                                SHA-256:319C742C3543C45D9BE621A9B289AB345DD49633CD466434C0DAFFA9C32504A1
                                                                                                                                                                                                                SHA-512:D25F396E1FE505085E41C3F6FEB53C9A80B30B70E845F1F069534CD708B716E9B9AF4D6A5D1B460CA8EE89F0B49441967FE22903C0BF8CADD751A2CF2AFD7E5E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Brezhoneg" filename="breton.xml" version="7.8.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Restr"/>.......<Item menuId="edit" name="&amp;Aoza."/>.......<Item menuId="search" name="&amp;Klask"/>.......<Item menuId="view" name="&amp;Diskouez"/>.......<Item menuId="encoding" name="&amp;Enkoda."/>.......<Item menuId="language" name="&amp;Yezh"/>.......<Item menuId="settings" name="Ar&amp;ventenno."/>.......<Item menuId="tools" name="&amp;Ostilho."/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;Sekuti."/>.......<Item menuId="Plugins" name="&amp;Luganto."/>.......<Item menuId="Window" name="&amp;Prenestr"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Digeri. an doser a endalc'h"/>.......<Item subMenuId="file-closeMore" name="Serri. +"/>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\bulgarian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):143590
                                                                                                                                                                                                                Entropy (8bit):5.271037044965974
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:Euc6cRhRmuneabYHVD2oAjzUwcbNECk5WtmupUqnDRNpnDtHJ2gPyfJzXzQnM4Vn:EuuRhRKzA8wcJ2UXpnDtHJ2LBXFe
                                                                                                                                                                                                                MD5:A694374249E450CF0B71709BA2B89100
                                                                                                                                                                                                                SHA1:0F9FCA9470EBDBE34B6BD553E5AC21E9E62CF777
                                                                                                                                                                                                                SHA-256:E29F1D3ED36FB7D8ED590952AA0CF51CA481707B51FCEE68FED36B4494677799
                                                                                                                                                                                                                SHA-512:6B5EFFC9577F88E24F167FA2132E3ABF1B92C851E7876424138D7A51DBE8BB8E48ABC226B9E305C4F77EA3AF89179C45E2350EF6F117DC9F0B9EC4FBA21AB06A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ========================================== [ Bulgarian localization ] ===\..|..| Translators:.....: 2014.yyyy . Rusi Dimitrov;..| 2007.2012 . Milen Metev (Tragedy);..| Last revision:...: 05.05.2024 by Rusi Dimitrov <npp[at]rdd.anonaddy.com>..|..\========================================================================== -->..<NotepadPlus>...<Native-Langue name="........." filename="bulgarian.xml">....<Menu>.....<Main>...... ....... ...... -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;..........."/>.......<Item menuId="search" name="&amp;......."/>.......<Item menuId="view" name="&amp;......"/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;........."/>.......<Item menuId="settings" name="&amp;........."/>.......<Item menuId="tool

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\catalan.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (403), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):68602
                                                                                                                                                                                                                Entropy (8bit):5.21343661203212
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:uRLsrdgwt06Z2rYdLvJfRtT0YQ/2qW+2YGw6kfMnXLeancWDsIc/ph39e:uR4306Z2w1R1TfVY5Ieacx/pLe
                                                                                                                                                                                                                MD5:5E4120E7483B3CF219321A3AF95C8F90
                                                                                                                                                                                                                SHA1:65DC2B272C96AB89E4DD3D4DBCCDAE1E521A1992
                                                                                                                                                                                                                SHA-256:A25C71DCB2B86283BDC1CD0D8DA4F0A56D68046882A4A4A0F492855904D4B724
                                                                                                                                                                                                                SHA-512:B19EE152A526509BAD70F0394D34B6833A49A66D382E317ACE46D385AEEEBDB98C2BD1B3336E657CC01776FC30FA48F7194C24A369D1C4CA41AA82E24A30E443
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Catalan translation for Notepad++..Updated 10.06.2020, v7.8.7..By Hiro5 <groccat at gmail>..-->..<NotepadPlus>...<Native-Langue name="Catal." filename="catalan.xml" version="7.8.7">....<Menu>.....<Main>......<Entries>.......<Item menuId="file" name="&amp;Fitxer"/>.......<Item menuId="edit" name="&amp;Edita"/>.......<Item menuId="search" name="&amp;Cerca"/>.......<Item menuId="view" name="&amp;Visualitza"/>.......<Item menuId="encoding" name="Co&amp;dificaci."/>.......<Item menuId="language" name="&amp;Llenguatge"/>.......<Item menuId="settings" name="Co&amp;nfiguraci."/>.......<Item menuId="tools" name="E&amp;ines"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecuta"/>.......<Item menuId="Plugins" name="C&amp;omplements"/>.......<Item menuId="Window" name="Fine&amp;stres"/>......</Entries>......<SubEntries>.......<Item subMenuId="file-openFolder" name="Obre la carpeta contenidora"/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\chineseSimplified.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (301), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):88520
                                                                                                                                                                                                                Entropy (8bit):6.149287675141381
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:cL5anBdn2q+wZaGdJbU+r8jJUg/XxV5O58IIMoVTDk2dZPkgiGT5/cyEpG+hG0f:cL4p+wZaGdJbUUMhZRdkHc5wpo0f
                                                                                                                                                                                                                MD5:288151545F8851FBCCB8566B7544D5EC
                                                                                                                                                                                                                SHA1:E283D55F2EC20A179C6445D6DFEDD0A474DF93C8
                                                                                                                                                                                                                SHA-256:A9D95D7D856FFAF5BAB89FA716596259538FF4E4A9AA538BBF7B74D349623216
                                                                                                                                                                                                                SHA-512:66D27227A1338C20239326594AC5A4EDC0920665E2EDBDB9DA7EDE5E9FE984DE07EDCF053B05D6B6C1B07F602D0FCA721F54DC887237DCB6419CA08511253838
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="...." filename="chineseSimplified.xml" version="8.4.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="..(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name="..(&amp;S)"/>.......<Item menuId="view" name="..(&amp;V)"/>.......<Item menuId="encoding" name="..(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="..(&amp;O)"/>.......<Item menuId="macro" name=".(&amp;M)"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<Item menuId="Plugins" name="..(&amp;P)"/>.......<Item menuId="Window" name="..(&amp;W)"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuI

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\corsican.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):113265
                                                                                                                                                                                                                Entropy (8bit):5.293634098618682
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:/bpRbBWqpnw34HoeAaEXRbRJ4u0OJowk0IQVk7Kw4i4+o8JuvFSeYqA18aEekWIZ:/bpRbBWqpnw34HoeAaEXRbRJ4u0OJowj
                                                                                                                                                                                                                MD5:1BB6A318FD87BA631FD7405B261A4432
                                                                                                                                                                                                                SHA1:1A5837613594793AA4EF9F2FB32ED282E51C5DA1
                                                                                                                                                                                                                SHA-256:DBC70FE5766B412FBEB235D23113F154D417FD29EAA09168CF399A5F5B9D623E
                                                                                                                                                                                                                SHA-512:A5618E46E2CE3745F267394DD1E8BE295CA5BF325E689C8DE73D638214E1E663FFFB46554B609DCADC49BBE9B67725EC4BE3EC227BBB4044B4FE960E5C212675
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print" command...2. All the comments are for explanation, they are not for translation...-->.. ..Additionnal information about Corsican localization:....1. The latest update of Corsican translation file is available here:...https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/corsican.xml....2. History of Corsican translation for Notepad++:.....- Updated in 2024 by Patriccollu di Santa Maria . Sich.: Feb. 5th (v8.6.3), Mar. 10th (v8.6.5), Apr. 30th (v8.6.6)...- Updated in 2023 by Patriccollu di Santa Maria . Sich.: Feb. 24th (v8.5), Mar. 12th (v8.5.1), Mar. 31st (v8.5.2),..... May 7th (v8.5.3), June 9th (v8.5.4), Aug. 1st (v8.5.5), Aug. 7th (v8.5.6), Oct. 7th (v8.5.8),..... Nov. 15th (v8.5.9), Nov. 22nd (v8.6), Dec. 19th (v8.6.1), Dec. 29th (v8.6.1)...- Upd

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\croatian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):106150
                                                                                                                                                                                                                Entropy (8bit):5.291873510068637
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:da9EYBShQQMVOe+BsI+G8Rj4yyq4Op9Je:dHYBQMVOe+Bs7G8TyFo9E
                                                                                                                                                                                                                MD5:DEC9D523F3C7A293F337644EF4293BFD
                                                                                                                                                                                                                SHA1:75DAB430BF8644DE3461D6D3D6884A9C8688E223
                                                                                                                                                                                                                SHA-256:91723C2CA8516AF9C24B2330719841B8865D6C4B57F6357B337C6D9DA23D9814
                                                                                                                                                                                                                SHA-512:DB93209C51872C02D97EBC64145A606DE0DD6A555E065EAD919DB6E63203F9DC2448EB7F1ABB7C88DA7A84CD26231257F6E2D10DBE0744CC2EF133EB927C5BFA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Croatian localization for Notepad++...Updated 24 April 2024 by Elvis Gambira.a (el.gambo@gmail.com)...All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Hrvatski" filename="croatian.xml" version="8.6.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Datoteka"/>.......<Item menuId="edit" name="&amp;Ure.ivanje"/>.......<Item menuId="search" name="Pre&amp;traga"/>.......<Item menuId="view" name="&amp;Prikaz"/>.......<Item menuId="encoding" name="&amp;Format"/>.......<Item menuId="language" name="&amp;Sintakse"/>.......<Item menuId="settings" name="P&amp;ostavke"/>.......<Item menuId="tools" name="&amp;Alati"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Pok&amp;retanje"/>.......<Item menuId="Plugins" name="Doda&amp;ci"/>.......<Item menuId="Window" name="&amp;Kartice"/>......</Entries>....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\czech.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107637
                                                                                                                                                                                                                Entropy (8bit):5.510981143631275
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:yzcBk+C35fqLkMpMHaME/Ni9en3UCdgWegXH2/VkDs/1wq5:uaWFw4
                                                                                                                                                                                                                MD5:93E7BB018D0910405BF4121BCBD344EE
                                                                                                                                                                                                                SHA1:94F0474BBE15C7D1A08F73B15A0C347F107FF16F
                                                                                                                                                                                                                SHA-256:58F66523C99FB1317EAFB316C0A8EA501ABFDC6950C89E4083E634B038EDED6D
                                                                                                                                                                                                                SHA-512:1F7803F3FD05ED1D8A794379148111FA55B0B28DB0CACFAEAFACB20366BC826B305E0A4266D9C3032213AB06F11CAD4959B1C8E31AC236073E437C25926F4C62
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...- last change: Notepad++ 8.6.5 15/Mar/2024 by Ond.ej M.ller (mullero@email.cz)...- N++ Community QA: https://notepad-plus-plus.org/community/topic/87/czech-translations...- contributors: Ond.ej M.ller (mullero@email.cz), Tom.. Hrouda (gobbet@centrum.cz), Martin Darebn. (darBis)...- the most recent version of this file can be downloaded from the project master-branch here: https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/czech.xml..-->..<NotepadPlus>...<Native-Langue name=".e.tina" filename="czech.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Soubor"/>.......<Item menuId="edit" name=".&amp;pravy"/>.......<Item menuId="search" name="&amp;Naj.t"/>.......<Item menuId="view" name="&amp;Zobrazit"/>.......<Item menuId="encoding" name="&amp;Form.t"/>.......<Item menuId="language" name="Synta&amp;xe"/

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\danish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):84733
                                                                                                                                                                                                                Entropy (8bit):5.249188662057102
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:WLEOlLUF7fpzjs3TS1wA8KrpUIB91FzKaNx3za6y31DfzbxULY6hc5OJTC9PtU/F:WLJ0pf0fIB91FzKaNx3JyZLPU/1Apbne
                                                                                                                                                                                                                MD5:278EFD7D6098904FC2D7E763D7EDC823
                                                                                                                                                                                                                SHA1:69B1C276E63A8068A9C1F1B72D0ABEC44587FA0C
                                                                                                                                                                                                                SHA-256:D97CFEC33139A1E032C8CB35BD78AA666DB8D88BC8D5D032359A4C79551BBFC4
                                                                                                                                                                                                                SHA-512:440367E1DDD4C99F7AF2425C014D5B659CA780207E935498BA9347DAB466FAE910855C67A515D786360A7D7F29DA3F4613812AE0966633500EC598C9EADFB7D2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="Dansk" filename="danish.xml" version="8.5.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Filer"/>.......<Item menuId="edit" name="R&amp;ediger"/>.......<Item menuId="search" name="&amp;S.g"/>.......<Item menuId="view" name="&amp;Vis"/>.......<Item menuId="encoding" name="Kod&amp;ning"/>.......<Item menuId="language" name="S&amp;prog"/>.......<Item menuId="settings" name="Inds&amp;tillinger"/>.......<Item menuId="tools" name="V.&amp;rkt.jer"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;K.r"/>.......<Item menuId="Plugins" name="P&amp;lugins"/>.......<Item menuId="Window" name="V&amp;induer"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".bn kildemappe"/>

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\dutch.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):102883
                                                                                                                                                                                                                Entropy (8bit):5.181209026194563
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:kKzzMfcBpAjbBgjvcm3U8CIHBDYD6pBmXgqKryj6ogXc54MnjGnYN6e5hB6t1x/u:kKU4pAjNgjvczfrjbb5Xy1x/YX2pm3f
                                                                                                                                                                                                                MD5:D5D7F92D18BB4A5F1645869E5C7FB26A
                                                                                                                                                                                                                SHA1:2DC6196191A127480D5ED9A0C1553021C31A81F0
                                                                                                                                                                                                                SHA-256:4AC96869C9DEA9EB43895D29BE59AE8D42C1E3FDBB49CA311041FEBD57C3C1EC
                                                                                                                                                                                                                SHA-512:B6521C8E250AF99C9CF8D11C776FB12EF6CFF13EA5401F36D827CB49A08C19E525C52D2E5659AD6DDC71CE6CF57837E44D4BEB38DD4BC7FDCD3D90F84F3105AD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation.....Dutch localization for Notepad++..Modifications until 2018-03-26 by Klaas Nekeman (knekeman(at)gmail.com)...Modifications until 2020-05-26 by xylographe <wr86420@gmail.com>...Modifications from 2021-01-28 and onwards by Thomas De Rocker (RockyTDR, notepadplusplus(at)rockytdr.33mail.com)....Last modified on 2023-12-20 by Thomas De Rocker (RockyTDR)...-->..<NotepadPlus>...<Native-Langue name="Nederlands" filename="dutch.xml" version="8.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Bestand"/>.......<Item menuId="edit" name="Be&amp;werken"/>.......<Item menuId="search" name="&amp;Zoeken"/>.......<Item menuId="view" name="B&amp;eeld"/>.......<Item menu

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\english.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):96260
                                                                                                                                                                                                                Entropy (8bit):5.23856623312876
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yaUC0HdGDBsGXSXSelm8ryGB4bNBWRyKggENXneY69YWBlAzF6+pNPYmaf:yaz099GRelkQ4bxKgtneY6LAZ6+p9af
                                                                                                                                                                                                                MD5:7DE4504DAE7AED90E346581420B1BD65
                                                                                                                                                                                                                SHA1:4051DD54CD7880F7734573812DE1238055BB6ADB
                                                                                                                                                                                                                SHA-256:DD7DC850A79D24FA6035387BFCE2258367BCA3760DA6499C3A408101AE43B901
                                                                                                                                                                                                                SHA-512:168ADF3E11CA5835CD52BEC65BA51DA39FAC6BC5ECBE28622D0DF562DC57CAE54E88E190460C2B3EF91CD1D4D1DF38B51A75C2CDC4796AAD2F3CE47B4D6AB515
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="English" filename="english.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="&amp;Search"/>.......<Item menuId="view" name="&amp;View"/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.......<Item menuId="language" name="&amp;Language"/>.......<Item menuId="settings" name="Se&amp;ttings"/>.......<Item menuId="tools" name="To&amp;ols"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="&amp;Run"/>.......<Item menuId="Plugins" name="&amp;Plugins"/>.......<Item menuId="Window" n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\english_customizable.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):95930
                                                                                                                                                                                                                Entropy (8bit):5.238349078490878
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yanC0zdGDnsGXSXdblm8ryGB4bNBWRyKggENXneY69YWBlAzF6+pLPYmaf:yaC0JdGeblkQ4bxKgtneY6LAZ6+pTaf
                                                                                                                                                                                                                MD5:42B7812D6322F4658751E10F13A2E97E
                                                                                                                                                                                                                SHA1:17F2F8C394BC9D98DEEE30B48F23D9E9E5201743
                                                                                                                                                                                                                SHA-256:54ED075B89A7780043ED8729DFC6FE541EF79390943BCF2D2F9F33064EEF66FB
                                                                                                                                                                                                                SHA-512:D09A0F04FE0849DD328F8784A36589635E23AAB431ABD279263B5B9D785162491585884FAFE035E8588F3EB6EF583D9AAFE15572421429C6009D53B2572392F4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="English" filename="english_customizable.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="&amp;Search"/>.......<Item menuId="view" name="&amp;View"/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.......<Item menuId="language" name="&amp;Language"/>.......<Item menuId="settings" name="Se&amp;ttings"/>.......<Item menuId="tools" name="To&amp;ols"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="&amp;Run"/>.......<Item menuId="Plugins" name="&amp;Plugins"/>.......<Item menu

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\esperanto.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (463), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47754
                                                                                                                                                                                                                Entropy (8bit):5.163799473406582
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:ooJnxIG0dWM0lA9U74t+8FN/nbiWjUnCR2/yAlhzfmGj8N+uiUGCtUmZuwRJYyLg:HJnO10MOCEvTe6twUMUoGb0894m
                                                                                                                                                                                                                MD5:0F8D89D82B896172E0A225EC739D9752
                                                                                                                                                                                                                SHA1:2EA49D996DA9B144BCEE8DD2F27F9030F5EDA1EC
                                                                                                                                                                                                                SHA-256:321E0E8AC53E6062496A519CEC3034BE8C4AF2E5108427AAC7F8B65D749155E0
                                                                                                                                                                                                                SHA-512:F488207DE9A16061A1A75F2BDEAABE41ADA6B662FCC1DC7F9014D749EF3F8B772A7D2F47CEBD9369489E73F0BEFBBBE2343E0F42D472E19B775C37037A41910A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Francesco Costanzo: invincibile(.e)users.sourceforge.net...Unua traduko: decembro 2010 (v5.8.6) - unua publikigo: v5.8.7...Lasta .isdatigo: la 9an de majo 2014, v6.6.2...Korajn dankojn al tiuj, kiuj konigis rimarkojn kaj erarojn....Pli da informoj .e la fino de la dokumento...*********** BONAN LABORADON KUN NP++! :) ***********..-->..<NotepadPlus>...<Native-Langue name="Esperanto" filename="esperanto.xml">....<Menu>.....<Main>...... .efaj menuoj -->......<Entries>.......<Item menuId="file" name="&amp;Dosiero"/>.......<Item menuId="edit" name="&amp;Redaktado"/>.......<Item menuId="search" name="&amp;Ser.ado"/>.......<Item menuId="view" name="&amp;Vido"/>.......<Item menuId="encoding" name="Signar&amp;kodo"/>.......<Item menuId="language" name="&amp;Lingva.o"/>.......<Item menuId="settings" name="&amp;Agordoj"/>.......<Item menuId="macro" name="&amp;Makroo"/>.......<Item menuId="run" name="&amp;Lan.ado"/>.......<Item menuId="Plug

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\estonian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47332
                                                                                                                                                                                                                Entropy (8bit):5.12410656592598
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:MFCJjsKsDsYms+G2Z/FHx3QpiSX4ENH7e:MkJjJkQ6wSTJe
                                                                                                                                                                                                                MD5:D10807C65DD7F9080DFD2063F0FC1482
                                                                                                                                                                                                                SHA1:7DBB40D816F36F6004CFE0A29982E1B8C0C389B2
                                                                                                                                                                                                                SHA-256:0E6BCC2AD0CB68E2B39A7804C6DB59BDF0251680F630C85B53A9B71F9A623BF6
                                                                                                                                                                                                                SHA-512:969E0E41BD0F6867765734B3AC7C4ED8CD91384C1B1A9A9055B0DDC18BB551B75FED7CABB67F5711C4D0F4B69D8CE9D7A081B34C4EAA3A6140A12865F7AE7795
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Estonian translation by Andres Traks..https://github.com/AndresTraks/..-->..<NotepadPlus>...<Native-Langue name="Estonian" filename="estonian.xml" version="7.3.1">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fail"/>.......<Item menuId="edit" name="&amp;Redigeeri"/>.......<Item menuId="search" name="&amp;Otsi"/>.......<Item menuId="view" name="&amp;Vaade"/>.......<Item menuId="encoding" name="Ko&amp;deering"/>.......<Item menuId="language" name="&amp;Keel"/>.......<Item menuId="settings" name="&amp;S.tted"/>"/>.......<Item menuId="tools" name="T&amp;..riistad"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="K.ivita"/>.......<Item menuId="Plugins" name="Pluginad"/>.......<Item menuId="Window" name="Aken"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Ava faili sisaldav kaust"/>.......<I

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\extremaduran.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20428
                                                                                                                                                                                                                Entropy (8bit):5.09546734339474
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nKtoy23gJQXH6tHJ4jnIJJw6msa/2+Aoe:nFH6t9OsGe
                                                                                                                                                                                                                MD5:73556025D982B3E02C8F427E0EF806D5
                                                                                                                                                                                                                SHA1:6F13557E667735B38F182DDDB9ED54ADF1458F46
                                                                                                                                                                                                                SHA-256:9776B0CD6DC0D4987DC6C722032CB998B4A929863A352D0EC85E9918ECADC51F
                                                                                                                                                                                                                SHA-512:C870315D9BC19663859E80BD716C915BBC2C15514F0D79401A1D35FBD5E3DCCB343E1BDC40D6F3F6054DEB7D9B7FC37E1E6642F0C1666AD9EEAD1AF926124FD9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Estreme.u" filename="extremaduran.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="A&amp;rchivu"/>.......<Item menuId="edit" name="&amp;Eital"/>.......<Item menuId="search" name="&amp;Landeal"/>.......<Item menuId="view" name="&amp;Vel"/>.......<Item menuId="encoding" name="Hor&amp;matu"/>.......<Item menuId="language" name="L&amp;uenga"/>.......<Item menuId="settings" name="&amp;Configurazi.n"/>.......<Item menuId="macro" name="Macru"/>.......<Item menuId="run" name="Ehecutal"/>.......<Item menuId="Plugins" name="'Plugins'"/>.......<Item menuId="Window" name="Ventana"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Estrechal el nivel"/>.......<Item subMenuId="view-uncollapseLevel" name="Espandil"/>......</SubEntries>........ all menu item -->......<Commands>.......<Item id="410

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\farsi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):53291
                                                                                                                                                                                                                Entropy (8bit):5.370388760460584
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:5ecYeRJJydvikrs1l2Z/93lRq2TFbGciOnBje:5eZeXJyVrs1l2Z/93lRq2TFzigBje
                                                                                                                                                                                                                MD5:25A4F22C991832B8086CC6589F16A3D3
                                                                                                                                                                                                                SHA1:81A480CEF8369C5595E037C5EE88648D8AEA4378
                                                                                                                                                                                                                SHA-256:8C04969DBB4A7EED05FAA79A25D561F6A7DF312AA414339C3307E6FAC83C054F
                                                                                                                                                                                                                SHA-512:0033E931FE329B71552CB3109F91B58650021B806F67A05BCBB0EA578A3F619C58378854790D4401C76B202A5B23D87B683A3E1A40687DD49BAFA5BFF21B307F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Farsi" RTL="yes" editZoneRTL="no" filename="farsi.xml" version="7.0" -->...<Native-Langue name="Farsi" RTL="yes" filename="farsi.xml" version="7.0">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="......"/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......"/>.......<Item menuId="encoding" name="........"/>.......<Item menuId="language" name=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\finnish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):85463
                                                                                                                                                                                                                Entropy (8bit):5.198350176218129
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:tVgdWQJEqrKrYq22vNQKDSNehi1rjDShAEpJBj6JMrl1w/U7Qzyl7pSKpL:tmoqmrYqTFYNehixOoU7dl7pLpL
                                                                                                                                                                                                                MD5:F71562666EFECEC28F7DC1178F5E375E
                                                                                                                                                                                                                SHA1:DABC62171CB974787CB550A64606510930B5BE8A
                                                                                                                                                                                                                SHA-256:F5BD518A61D786D5C05856D70BC1353759261BDF71991162141BC7AC2AD77299
                                                                                                                                                                                                                SHA-512:C7D2291B4D2B5E472436E8CE7BDAB197A7588802028D6A71693EA1C8223C05731CE871C78E2738DBD38ECE753BE0CDB5A3AE4495B9EFE628C9BF123A67348934
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. Finnish translation for Notepad++..Updated to v8.6 fixed version..-->..<NotepadPlus>...<Native-Langue name="Finnish" filename="finnish.xml" version="8.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Tiedosto"/>.......<Item menuId="edit" name="&amp;Muokkaa"/>.......<Item menuId="search" name="&amp;Etsi"/>.......<Item menuId="view" name="&amp;N.yt."/>.......<Item menuId="encoding" name="Tiedostom&amp;uoto"/>.......<Item menuId="language" name="&amp;Koodikieli"/>.......<Item menuId="settings" name="&amp;Asetukset"/>.......<Item menuId="tools" name="Ty.&amp;kalut"/>.......<Item menuId="macro" name="Mak&amp;ro"/>.......<Item menuId="run" name="&amp;Suorita"/>.......<Item menuId="Plugins" name="&amp;Liit.nn.iset"/>.......<Item menuId="Window" name="&amp;Ikkuna"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Avaa kansi

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\french.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107499
                                                                                                                                                                                                                Entropy (8bit):5.224276392947026
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:yaKZDfWn8a4Vs/l9KZLagLMK6Dd1JDpSf:yJDfW3osULazd1JtY
                                                                                                                                                                                                                MD5:3C68E390068925D34B46A1C6D3CB367D
                                                                                                                                                                                                                SHA1:362963B8A16E8811BFCA5C309A255F61809A33AA
                                                                                                                                                                                                                SHA-256:120BBB49585B6F602014E4357E7E68D73C4BC807D461509CAB07C27957E50C6A
                                                                                                                                                                                                                SHA-512:583AACFA964ACAE5DF1C2564D3D61C4D39EF1E1FE3329A84C28F7A4BF0F21D5180B90EBAEA7C19BFAA6285957F6497DC879DFFA0AEECDF6B46C422E1AC38F41E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="fran.ais" filename="french.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fichier"/>.......<Item menuId="edit" name="&amp;.dition"/>.......<Item menuId="search" name="&amp;Recherche"/>.......<Item menuId="view" name="&amp;Affichage"/>.......<Item menuId="encoding" name="E&amp;ncodage"/>.......<Item menuId="language" name="&amp;Langage"/>.......<Item menuId="settings" name="&amp;Param.tres"/>.......<Item menuId="tools" name="&amp;Outils"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;x.cution"/>.......<Item menuId="Plugins" name="Modules d'ex&amp;te

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\friulian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):27785
                                                                                                                                                                                                                Entropy (8bit):5.083309736761883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nhADmxHGLck1I5q6+aoPy1Y/ZtQSBHFlYNPe0vXVbme:nK6xB/5BwZtZRFlA9me
                                                                                                                                                                                                                MD5:AA74CA424AE6104B145E8D3B945A7CB9
                                                                                                                                                                                                                SHA1:CE582F8CEE3DC6BB9D4CFEA32C8B0D0DB5449F4D
                                                                                                                                                                                                                SHA-256:0BA08E38BB9967D800503D321554C3C48E492F5AF9FC90F75195D1DE28E9D175
                                                                                                                                                                                                                SHA-512:F225E8B394ABE82558A0FE9A6F0AB3B3A1EF67525CD0A8EC647D74E8A45A50AC6F81FE3BADACF5B844F2F8871CAC93994837CB97BFCAF3381C973655091A9C3E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Furlan" filename="friulian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="Mo&amp;difiche"/>.......<Item menuId="search" name="&amp;C.r"/>.......<Item menuId="view" name="&amp;Viodude"/>.......<Item menuId="encoding" name="For&amp;m.t"/>.......<Item menuId="language" name="&amp;Lenga."/>.......<Item menuId="settings" name="&amp;Impostazions"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Invie"/>.......<Item menuId="Plugins" name="Plugins"/>.......<Item menuId="Window" name="Barcon"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Copie tai Aponts"/>.......<Item subMenuId="edit-indent" name="Indentazion"/>.......<Item subMenuId="edit-convertCaseTo" name="Conversion Maiuscul/Minuscul"/>.......<Item subMenuId=

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\galician.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):103802
                                                                                                                                                                                                                Entropy (8bit):5.214306185946142
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yagUxqr6xZ69cdM0A6Dooxn+wlNmWKMFELCDJAwJ+ZyvG5uipAzYe:yaz4hr6FxJ1QCFLMZxHpAEe
                                                                                                                                                                                                                MD5:3D9E1CF9BBA113CDF585921AF9515EF2
                                                                                                                                                                                                                SHA1:457CEE9019D3C4AF39E221746FA5DC19C81F1562
                                                                                                                                                                                                                SHA-256:EF7105D97158B96EDEFBB40B9273AC265E444652445CCE3B19ECF13D7180DF74
                                                                                                                                                                                                                SHA-512:9AD00859F856561F47597F70707A8C438323096429D2739183831E841DA23D23D1E5B06729DD087EFC7F010A5AE5B8637387F50F2FE3D528519BED373F84F6FD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Galego" filename="galician.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Arquivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Buscar"/>.......<Item menuId="view" name="&amp;Vista"/>.......<Item menuId="encoding" name="Co&amp;dificaci.n"/>.......<Item menuId="language" name="&amp;Linguaxe"/>.......<Item menuId="settings" name="C&amp;onfiguraci.n"/>.......<Item menuId="tools" name="&amp;Ferramentas"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecutar"/>.......<Item menuId="Plugins" name="Complemen&amp;tos

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\georgian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):50925
                                                                                                                                                                                                                Entropy (8bit):4.800534182370987
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:pkXURDzwQA7IhAK/TKIDK6HweoEdByDFrohFJF7FF/jQw3vlSyf8+wKBoo/+G9BM:psa/4u1e
                                                                                                                                                                                                                MD5:C21811DE2B3EAE48DC092216CB105CC8
                                                                                                                                                                                                                SHA1:387FBD1437ADDC75308B9680CC89A4C513A35F69
                                                                                                                                                                                                                SHA-256:714EBAE36CC13D8E2A315A829528ED0145A5164E607BB100C50D86D9F3327223
                                                                                                                                                                                                                SHA-512:7D0D03E9F8DAFC9681F113669A9CAC680F86C0FF4FC52C58FFA07869EBE69A9192891A8F2CBAFCB93139B41FB73C65A35F8E0986460E421DA30B42A8715F0FC6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Georgian localization for Notepad++ 6.2.3...Translated By UGLT....Contact Us: info@uglt.org..-->..<NotepadPlus>...<Native-Langue name="......." filename="georgian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;....."/>.......<Item menuId="edit" name="&amp;.........."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name="&amp;........"/>.......<Item menuId="settings" name="........"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name="......."/>.......<Item menuId="Plugins" name=".........."/>.......<Item menuId="Window" name="......."/>......</Entries>........<!

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\german.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF, CR line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):104730
                                                                                                                                                                                                                Entropy (8bit):5.298621817406942
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:y0/rJU2l3ovVpz1B995hdRmLveg+Qbp0Jq6p/QT9m0S//pldeMbvA0KMusiJjvpI:yq1UwovVppkCeMbY0adRdC
                                                                                                                                                                                                                MD5:25736DAA29A3F5817E958E6D5F80C0C3
                                                                                                                                                                                                                SHA1:7920E5B69774834B40592433C472F3C49FC04021
                                                                                                                                                                                                                SHA-256:CF7086E76B178C073026A2AA50C2C522927BDE07826548A3702CBC91BE73662C
                                                                                                                                                                                                                SHA-512:FE5AA8271D3C0AADDC621302B37551267FF2B6303E8900A2128F771C0604080C5A68BBA94728E26BE4BF5329AF170B1506C28BFFC20C24388193B1D652E74349
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation......German localization for Notepad++.....Please report errors, suggestions etc. here: https://github.com/notepad-plus-plus/notepad-plus-plus/issues...Check actual pull requests here too: https://github.com/notepad-plus-plus/notepad-plus-plus/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+german.....The most recent version of this file can usually be downloaded from:...https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/german.xml...or a copy at: http://www.should.keepfree.de/N++/german.xml.txt (rename to german.xml)..-->..<NotepadPlus>...<Native-Langue name="Deutsch" filename="german.xml" version="2024-03-18"> basiert auf english.xml 8.6.5 vom 10.03.2024 -->..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\greek.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):100697
                                                                                                                                                                                                                Entropy (8bit):5.558193119546212
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nxG8X7bWwfkgAIk9gb39bhhccJ/+TKRWUZQcne0i3pse:ZJkxelhpJGrUZQ6Wv
                                                                                                                                                                                                                MD5:2A0ADF6DF6B924E5D7003F8FED0C3B54
                                                                                                                                                                                                                SHA1:4427D1AED4D92820AC33F9005295EF8CB69D0B9D
                                                                                                                                                                                                                SHA-256:8A628F5E28C91BF687196ABB82C409F39636030DD10D1B5FD820F065B1C21F47
                                                                                                                                                                                                                SHA-512:0695A03AAF7FC54891FDCC7C5E5D28A18980AC894BC00FBF7D780B510D5C6CF9F2406FE0BF4BD09E0EA64AA08AD2490D7FE925A87FDB536ED818613AB455842E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Greek" filename="greek.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;......"/>.......<Item menuId="edit" name="&amp;..........."/>.......<Item menuId="search" name="..&amp;...."/>.......<Item menuId="view" name="&amp;......."/>.......<Item menuId="encoding" name="&amp;............"/>.......<Item menuId="language" name="&amp;......"/>.......<Item menuId="settings" name="..&amp;......."/>.......<Item menuId="tools" name="........"/>.......<Item menuId="macro" name="..........."/>.......<Item menuId="run" name="........"/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="........"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-autoCompletion" name="........-...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\gujarati.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):58338
                                                                                                                                                                                                                Entropy (8bit):5.132716889380602
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:hIQwQW88hJiMVEjeS3ekzECKDtgLkO868WiEJx/y+110vYMhKlLeo3TWD8e:hlwQW88hGjen7nDtPdc/3Tk8e
                                                                                                                                                                                                                MD5:B6118285C78BD4F73A5F746EDDC5B394
                                                                                                                                                                                                                SHA1:83AF9AACAB02F22A9A72632D2B0A9CB81BA01784
                                                                                                                                                                                                                SHA-256:B1F499CB892A06F434216FA9B4078D295B8B4AE3620692CA2F619027354E9342
                                                                                                                                                                                                                SHA-512:1B2916B88037DF58242B131A02B5439C2C16EAA4FC2CB9E89A49A4CD666500631D88857C73CD0F85EE9D1749FE786B5B1AD7B454D2ED86F4EB99AC38B585D017
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="......." filename="gujarati.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;...."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="......"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="...... ...... ...."/>.......<It

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\hebrew.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):21191
                                                                                                                                                                                                                Entropy (8bit):5.101733028860273
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/gq+f7e7Igm0PuyosNiC2tGJReu9u72ZgqAf:/gqu7e7Igm0PisdKG6u22ZgqAf
                                                                                                                                                                                                                MD5:C972D84A73ABCABCFB5ADBF8AEDBC26A
                                                                                                                                                                                                                SHA1:756A8B13563D9FD187297F3CB644A733E3A6C716
                                                                                                                                                                                                                SHA-256:E0E03A613B39999AE7C909AD25A8D1D60360507FDBD800E1608203825B1BD64F
                                                                                                                                                                                                                SHA-512:1ACE8A5544505B93515D15E96492B5A3CBAA6E72248983A4938D57F81FAD981952ACEBA46765738F9688B4BF2B65D5806454C07BE51218D484E4308BC1401F74
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Hebrew" RTL="yes" editZoneRTL="no" filename="hebrew.xml" -->...<Native-Langue name="Hebrew" RTL="yes" filename="hebrew.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;....."/>.......<Item menuId="language" name="&amp;..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\hindi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):97226
                                                                                                                                                                                                                Entropy (8bit):5.118565425293853
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:vlW/m2zaTDLzXEDk6ZL2RV0gcH+FiXQXvejb0A2p4fe:vI/m6aTDLzXEw6ZLCxceFiXKp4fe
                                                                                                                                                                                                                MD5:B6034AAB105540F785639BF9BC25328A
                                                                                                                                                                                                                SHA1:95D6E36D957C9FD6CAC9EC2C390D13570F2AE8AD
                                                                                                                                                                                                                SHA-256:ABEE28492CFEFABFC588B7AD72346E1D5EEEFF58DBD79A61664F12C06175CCF3
                                                                                                                                                                                                                SHA-512:5E543E7B6A6861099A5AB1E54F22FD5078B68A28B406DCA2DF8AC85321D1C1E68D54081595313472863E6025DD9722A8928E46C260835EC9DC2865324EAB8198
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ...::Hindi language file for Notepad++ ::.....** created By:- Rathin A. Dholakia **....Email- rathin2j@gmail.com...** Last Updated on 22/10/2019 by Rajendra Singh (singh.rajen15@gmail.com) **..-->..<NotepadPlus>...<Native-Langue name="......" filename="hindi.xml" version="7.8.1">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;...."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="tools" name="....."/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" nam

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\hongKongCantonese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):98768
                                                                                                                                                                                                                Entropy (8bit):6.1851880660719125
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nv7e4F9GAGQJZ9D13FZDlRf8QDhjpqJmrxHpNBeme:nDe4uAGQbVZrDf88jpq41pVe
                                                                                                                                                                                                                MD5:0C8E04033C6B06C7C62D58CD2C0AE1B6
                                                                                                                                                                                                                SHA1:616DD72C0A1C774C3D4EB483B215E55E3034C16D
                                                                                                                                                                                                                SHA-256:2DC2CB5CE2D7E0824F6632DCD641E59C5E974EB698AAC90D87DCAE701D1EF49F
                                                                                                                                                                                                                SHA-512:8AA995C3BAB573311BBC01D33DC4916A51E86A9DC0835BF136A7DB06F7396ADEB3ACD1E9BC18EE6EF0D7A901FEDBE547C2CE500E059185C1CF01FA26021E05B7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="....." filename="hongKongCantonese.xml" version="8.5">.... //.. This localization project is maintained by real Hongkongers who speak native Hong Kong Cantonese... Welcome issues and pull requests in Github repository:.... https://github.com/Edditoria/notepad-plus-plus-localization-hong-kong.. //-->....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="..(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name=".(&amp;S)"/>.......<Item menuId="view" name=".(&amp;V)"/>.......<Item menuId="encoding" name="..(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="..(&amp;O)"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\hungarian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (355), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):90006
                                                                                                                                                                                                                Entropy (8bit):5.408163920431674
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:2ZdVfWMW4g9MPFsEx8DoE5Xmw0HWdmsappaxj2S3y/JpejeFc9o2pZ0He:2Rs3ESDo0mlHSTxj2SiYeFctpZ0He
                                                                                                                                                                                                                MD5:C95988ECF9D6474A0F6705FC415297CC
                                                                                                                                                                                                                SHA1:A77CEC6B0B6A95887DA7EB47F87ED2AA70353144
                                                                                                                                                                                                                SHA-256:A4DA3852E057A4B4DCB3ACCFB68D80ADD7DCF2486FA5153172DB641A66BEA21B
                                                                                                                                                                                                                SHA-512:D971D6918738FB0766286B384DC1B169D5B7C8EF3EC471107AC80D0A5D9726A6149474FEA377CB0C6B65A774D8E598304EDD1E9C15F9AAA9BFF681051D6D3F1B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Hungarian Language created by Gy.rgy Bata -->.. Email: batagy.ford kukac gmail pont com -->.. Webpage: http://w3.hdsnet.hu/batagy/ -->.. Forum topic: https://notepad-plus-plus.org/community/topic/80/hungarian-translation-->.. Prohardver topic: https://prohardver.hu/tema/re_notepad/friss.html -->.. For Notepad++ Version 8.4.3, modified on 2022.07.05 -->..<NotepadPlus>...<Native-Langue name="Magyar" filename="hungarian.xml" version="8.4.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;F.jl"/>.......<Item menuId="edit" name="&amp;Szerkeszt.s"/>.......<Item menuId="search" name="&amp;Keres.s"/>.......<Item menuId="view" name="&amp;N.zet"/>.......<Item menuId="encoding" name="K.&amp;dol.s"/>.......<Item menuId="language" name="Ny&amp;elv"/>.......<Item menuId="settings" name="&amp;Be.ll.t.sok"/>.......<Item menuId="tools" name="Es&amp;zk.z.k"/>.......<Ite

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\indonesian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (341), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):91292
                                                                                                                                                                                                                Entropy (8bit):5.2094762664397685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:mEbpmOFsdejE0pmVK7n47tarGKEbc2D73QlqImCSpytcyfi65p9elnf:mrLMn4JFPsqI1qep9elnf
                                                                                                                                                                                                                MD5:1832FA3BD729110D6D1769981DA581BD
                                                                                                                                                                                                                SHA1:052E6A10D5E919423D19B933BB0F58F9BE2DC134
                                                                                                                                                                                                                SHA-256:B5506F04476B3BF8F02D9A91A6729FD716C792EA5FDCF052F5E6F014DF14B11F
                                                                                                                                                                                                                SHA-512:D70BE8DAC904AB12686424594258834B8D5B746FAF4DE75314B43AE088E2D193C245906E6E266A67FC76C5E7C6C1F1347708B036834484A5523F690B26983680
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Indonesian Translation for Notepad++..Authors: Nicedward(7.5.5); Sahid A.Z.(8.5)..Last modified by Sahid A.Z. on 3/3/2023..-->..<NotepadPlus>...<Native-Langue name="Indonesian" filename="indonesian.xml" version="8.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Berkas"/>.......<Item menuId="edit" name="&amp;Edit"/>.......<Item menuId="search" name="Ca&amp;ri"/>.......<Item menuId="view" name="&amp;Tampilan"/>.......<Item menuId="encoding" name="Pe&amp;ngodean"/>.......<Item menuId="language" name="Ba&amp;hasa"/>.......<Item menuId="settings" name="&amp;Pengaturan"/>.......<Item menuId="tools" name="&amp;Alat"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;Jalankan"/>.......<Item menuId="Plugins" name="P&amp;lugin"/>.......<Item menuId="Window" name="Jen&amp;dela"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\irish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):68111
                                                                                                                                                                                                                Entropy (8bit):5.232954902634097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nK+g7GzG1Qb5RURt15NHhoFXlJnMo4b967QNdnVe10fxehtpKe:n+cGOot1H6Fd4bjnVymxePpKe
                                                                                                                                                                                                                MD5:5214FDFDD8A105DC1DD4303D91405A62
                                                                                                                                                                                                                SHA1:A6FE600C88658EB803C5F03E6EB7159E18F42FA2
                                                                                                                                                                                                                SHA-256:483BA3D2FF4ED227E4AA1A77C8356C0F1AF43A49F1C211DA82B1B791132F4ADA
                                                                                                                                                                                                                SHA-512:D81D5D813E2AB36A65FFC58EBF88B77856F40607D41266F90F80EC7439F0B5727048C30FA97FD1C483F5D2E2F15D8038E288BB65B62555AB096034EDA5CD5EAB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Gaeilge" filename="irish.xml" version="7.8.7">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Comhad"/>.......<Item menuId="edit" name="&amp;Eagar"/>.......<Item menuId="search" name="&amp;Cuardaigh"/>.......<Item menuId="view" name="&amp;Amharc"/>.......<Item menuId="encoding" name="Io&amp;nchod."/>.......<Item menuId="language" name="&amp;Teanga"/>.......<Item menuId="settings" name="So&amp;cruithe"/>.......<Item menuId="tools" name="Uir&amp;lis."/>.......<Item menuId="macro" name="&amp;Macra"/>.......<Item menuId="run" name="&amp;Rith"/>.......<Item menuId="Plugins" name="&amp;Breise.in"/>.......<Item menuId="Window" name="&amp;Fuinneog"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Oscail an fillte.n ina bhfuil"/>.......<Item subMenuId="file-closeMore" name="D.n tuilleadh"/>...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\italian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):103018
                                                                                                                                                                                                                Entropy (8bit):5.160772134804393
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Jav/+DsM9NZLknpPp3n9klRnpCOm+Wmn+WmHTqpYXe:JSEZLknFp3n9kTpCOm+Wmn+WmHTsYO
                                                                                                                                                                                                                MD5:A2F5681CD3297517662CDF9CD02C347B
                                                                                                                                                                                                                SHA1:94A12521D04933758B574EE83113346501FE0749
                                                                                                                                                                                                                SHA-256:6086F6A6CFDD3358268ADBC698AB43977B8B402CC566BBA6BF66DF5E15605302
                                                                                                                                                                                                                SHA-512:C9AB38BE2262114B1C407E5BA0ED0910771029C947EA4DDA341B4EB7A1B5F5BB8B9971811A7A6D182CC214F5F0A52CAE8DAAAE17B9A21C68F1F931CF1C566C58
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version = "1.0" encoding = "utf-8" ?>.. .. Italian translation for Notepad++ 8.6.5.. Last modified Tue, March 12th, 2023... For updates, see https://github.com/notepad-plus-plus/notepad-plus-plus/tree/master/PowerEditor/installer/nativeLang..-->.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Italiano" filename="italian.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Modifica"/>.......<Item menuId="search" name="Ri&amp;cerca"/>.......<Item menuId="view" name="&amp;Visualizza"/>.......<Item menuId="encoding" name="Fo&amp;rmato"/>.......<Item menuId="language" name="&amp;Linguaggio"/>.......<Item menuId="settings" nam

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\japanese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):109290
                                                                                                                                                                                                                Entropy (8bit):6.037495608661621
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:ya55uttv8lMRUecH5c35KSUJ9ywla7ct+LPARZFMpxe:yaKtfsy35KSxQHtE+Zapxe
                                                                                                                                                                                                                MD5:50EBC74F778D8CDDAEA4F449FC93DFE1
                                                                                                                                                                                                                SHA1:7FE246ED1A63843C079FE6AD6EF843EC106C3183
                                                                                                                                                                                                                SHA-256:0791E1EE1C5D9F19328CBADB0CD60E54B9BE66915A6DA9FE99A6EEEC80824AD9
                                                                                                                                                                                                                SHA-512:A545C61168F46DB7A3EB12DA2E50D69696D13CF9A94D269840B5610B8579E7DE075E0873FBFA4BBA19621F3927C4B6BC2596E629B556F6ADCAE159A13BFA19EB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Japanese" filename="japanese.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="....(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name="..(&amp;S)"/>.......<Item menuId="view" name="..(&amp;V)"/>.......<Item menuId="encoding" name=".....(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="...(&amp;O)"/>.......<Item menuId="macro" name="...(&amp;M)"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<Item menuId="Pl

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\kabyle.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39980
                                                                                                                                                                                                                Entropy (8bit):5.122615821831661
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nPljcdJZQgZ5+Cio4z3ilzHBrDso3TWwe:n9mJZQgZ4Cio4z3i1D3Tte
                                                                                                                                                                                                                MD5:7C29F26D87D03E9E94AB58D599BFB5F7
                                                                                                                                                                                                                SHA1:88556FD0C1593A3A81DF2FE50CEA3621659E2EC5
                                                                                                                                                                                                                SHA-256:6146A5D85F5E87499BD68AA1BEB01735CCF8CBE18453D75CD2B67DB33C9558FF
                                                                                                                                                                                                                SHA-512:3C96AD60DF3EE008A4FD91A63DF76BBEF8C4EE0D8A68B5396782A18CE0A221E81A61B800258F8C22AFB342B64588A1DE160495BC7651FDE982D26431C98CE10E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Taqbaylit" filename="kabyle.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="Afaylu"/>.......<Item menuId="edit" name="Ta.rigt"/>.......<Item menuId="search" name="Nadi"/>.......<Item menuId="view" name="Abeqqe."/>.......<Item menuId="encoding" name="Asettengel"/>.......<Item menuId="language" name="Tameslayt"/>.......<Item menuId="settings" name="I.ewwaren"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Selkem "/>.......<Item menuId="Plugins" name="Plugins"/>.......<Item menuId="Window" name="Asfaylu"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Copy to Clipboard"/>.......<Item subMenuId="edit-indent" name="Asi.i"/>.......<Item subMenuId="edit-convertCaseTo" name="Err askil d"/>.......<Item subMenuId="edit-lineOperations" name="Ajerri."/>....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\kannada.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):62974
                                                                                                                                                                                                                Entropy (8bit):5.005322960704437
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nds15J09d5tPDnO1uzCtUgA3yceUCrUQL9nua1eWCfG0Jzh4lqeLeNNqnUJIeXr4:c9r4N2z355vDUTC
                                                                                                                                                                                                                MD5:AF854EA965ED05461D73705D8170CB39
                                                                                                                                                                                                                SHA1:908FD8455EC99DD6AAA8F598C97BBB68D7F1A9A8
                                                                                                                                                                                                                SHA-256:521B6DEE404684904F00C2F1484DD417CB756231564E38389269C476133FAAD8
                                                                                                                                                                                                                SHA-512:B7756244E7E9D14095627391574BAD608CF1D122A023E5CE65F2805549433F4C1355AA0E12028F99F6026F0014FB2BECF44608F772304D6F3BC1A23CC9427C51
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="....." filename="kannada.xml" version="6.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="....."/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="...."/>.......<Item menuId="encoding" name="..........."/>.......<Item menuId="language" name="..........."/>.......<Item menuId="settings" name="..........."/>.......<Item menuId="macro" name="........"/>.......<Item menuId="run" name="..."/>.......<Item menuId="Plugins" name=".........."/>.......<Item menuId="Window" name="....."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".... .........

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\kazakh.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):30859
                                                                                                                                                                                                                Entropy (8bit):5.360365511349026
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nDZzsjAak6AyylkdvUUntDb2nBVLdBvo4KwiV5/T1Dlrq+4fXg6ZtnWSZi/xDCM8:nNFxFwtDbYLdB3fXg6BZoxgJk7BG
                                                                                                                                                                                                                MD5:C903171B671384DE9E882529CA8997F5
                                                                                                                                                                                                                SHA1:EB513B55ECE604E896C8DE14FFC57E2FD3F15A4A
                                                                                                                                                                                                                SHA-256:F24D7AD3574EA5D218EFA0F847AC68964AAC5C9E33CF853AB779BA3E0FE04C5E
                                                                                                                                                                                                                SHA-512:96061B6F5B525B47B3CE7479D358BCBBC1DCC7B4A035BCD31F03D5FD6D4F54274EFAD37FFBED67ABD0B591E6372AA14B2F66E6CD35CE6C174B80ABF2EA3F04FF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="......." filename="kazakh.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="....."/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="......"/>.......<Item menuId="language" name="............. ..."/>.......<Item menuId="settings" name="......"/>.......<Item menuId="macro" name="........."/>.......<Item menuId="run" name="...."/>.......<Item menuId="Plugins" name="..........."/>.......<Item menuId="Window" name="......"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="...... .......... ......"/>.......<Item subMenuId="edit-indent" name="......."/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\korean.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML document, Unicode text, UTF-8 text, with very long lines (853), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):101071
                                                                                                                                                                                                                Entropy (8bit):6.007348309883879
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:uoadRdB04WZb++BfD9KHff83GcwZi4L/LpcJ4gkHe2+m6oAxpJe5nute:+P304Kb+MfD9KHcoaJ4NdoPop
                                                                                                                                                                                                                MD5:6B11D26C28578E0F8E8B10BA1F8F09A9
                                                                                                                                                                                                                SHA1:B2C2AD64156A183330F182A0ABC730D925EA5629
                                                                                                                                                                                                                SHA-256:142EB72ECD62E11E8787564030F59E78F4A8637F66C978849F824063C11E75A1
                                                                                                                                                                                                                SHA-512:AFF8F9E2A4BA11885DE2770058448A5758066E9AB8BD9B3EE759D9E938313D1AFB4279EF7077338F60D5CBEA9A9042769744771826EF7DE996E7E1800D236C6D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version = "1.0" encoding = "utf-8" ?>.. .. <localization work version="7.8.1~8.5.5" nick="Sapziller" name="ByungJo Yoon" mail="yunbj@naver.com"/> <localization work version=6.5.3~7.4.2 name="..." mail= "domddol@gmail.com"/> <localization work version=1 and 6.1.5 nick= "taggon" name= "Taegon Kim" mail= "gonom9@gmail.com"/> <localization work version=2 nick= "" name= "JiHui Choi" mail= "jihui.choi@gmail.com"/> <localization work version=5.4R2 nick= "DreamFactory7" name= "JongPil Kim" mail= "kmshts@naver.com"/> <localization work version=4 nick= "Sapziller" name= "Byungjo Yoon" mail= "yunbj@naver.com"/> <localization work version=5.8 nick= "DreamFactory7" name= "JongPil Kim" mail= "kmshts@naver.com"/> <localization work version=5.9 nick= "Syonsi" name= "Kim JunHo" mail= "syonsi@live.com"/> <localization work version=5.92 nick= "Global DOL+I" name= "Lee Junho" mail= "riifjv@live.com"/>..-->..<NotepadPlus>...<Native-Langue name="..." filename="korean.xml" version="8.5.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\kurdish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):50092
                                                                                                                                                                                                                Entropy (8bit):5.474812541374722
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:59XADKjzwG9bPGbQ4JzXhcBjHK7XqIm+rreXo4QC+e:59XAW3OsHUXUk4Qne
                                                                                                                                                                                                                MD5:9D0BE6BA275FB681D47561D2E03F14AB
                                                                                                                                                                                                                SHA1:911491E5B8525C291631EB07ABE026E9728973D0
                                                                                                                                                                                                                SHA-256:95EC78005291AE3736136F5D6CBB4CDA4EC79DF4C35DBBC2F7625AE9A513FE40
                                                                                                                                                                                                                SHA-512:30CAA1EB59E94CB61DA64073B3A2DECF131A78F0C519C8E1B834DFDC2D84F9FB39C0C9E230DD48C7216853B26AD831A1BEE1A878E602C489789BD7B969D63441
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="....." RTL="yes" editZoneRTL="no" filename="kurdish.xml" version="7.5" -->...<Native-Langue name="....." RTL="yes" filename="kurdish.xml" version="7.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;....."/>.......<Item menuId="edit" name="&amp;........"/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="E&amp;ncoding"/>.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\kyrgyz.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32805
                                                                                                                                                                                                                Entropy (8bit):5.430521744755845
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:G7C0CVWhfkQKoYW3zRrCOwvENkZgZCA2VdTO1KiL:G7wVyYfEtZCExL
                                                                                                                                                                                                                MD5:561BEA9397B5A0E3F27BBC8B941EDD0B
                                                                                                                                                                                                                SHA1:E913B58C1FC1DB8F342D0228B97E58885AAD8EF6
                                                                                                                                                                                                                SHA-256:A7DB585F7FA93A803AA8FCC5F9F20F88E1CBAC7E44200F8BF03D56B3426C3FF6
                                                                                                                                                                                                                SHA-512:4948373CFF4A9B98650DACCD0486B82AB3F0A3E9724B0E5933409E53E30D81450CB11D8EC34CFF15C028C1207F60F30EE168CDD3C7318125EF0E9DA652238825
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Kyrgyz translation made by: -->.. Murat Jumashev <murat@crm.kg> -->.. Last update (5.6.8): 23:58 22.03.2010 -->..<NotepadPlus>...<Native-Langue name="........" filename="kyrgyz.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name=".&amp;...."/>.......<Item menuId="view" name="&amp;......."/>.......<Item menuId="encoding" name="&amp;.........."/>.......<Item menuId="language" name="&amp;........."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="&amp;........."/>.......<Item menuId="run" name="&amp;....."/>.......<Item menuId="Plugins" name="..&amp;........"/>.......<Item menuId="Window" name=".&amp;........"/>......</Entries>........ Sub Menu Entries -->......<SubE

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\latvian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):44880
                                                                                                                                                                                                                Entropy (8bit):5.241742723279163
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:RMnu5CiTEyR1KIL8fkvvuFvMNEERjIaH7U6HOe:RIu5FEyR1KIL8fkvGCKERj9Nue
                                                                                                                                                                                                                MD5:E0A5C3BAB1C84402E1541D5DA836122C
                                                                                                                                                                                                                SHA1:1CE66BEA0B941A7850B447936BD50E93830DC1FB
                                                                                                                                                                                                                SHA-256:91DC2682D7B8ADC2901CCC23654AF85778D38589C8C4B9BEE650F2BB46AB08C1
                                                                                                                                                                                                                SHA-512:B1C99E43FFB736BE1F033EE5B9B022679ADA091431466708BBAF01A3730981B39057244C24A38262A744CC27FF1F1D3C50479884ADEC3B9B07ED7EE0418F0196
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Translated by Arvis L.cis (http://twitter.com/arvislacis) v10.7.8 -->.. Aditional translations by K.rlis Kalvi.kis (eko@lanet.lv) 2014.12.16. -->..<NotepadPlus>...<Native-Langue name="Latvie.u" filename="latvian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fails"/>.......<Item menuId="edit" name="&amp;Labot"/>.......<Item menuId="search" name="&amp;Mekl.t"/>.......<Item menuId="view" name="&amp;Skats"/>.......<Item menuId="encoding" name="Ko&amp;d.jums"/>.......<Item menuId="language" name="&amp;Valoda"/>.......<Item menuId="settings" name="Ies&amp;tat.jumi"/>.......<Item menuId="macro" name="&amp;Makrokomandas"/>.......<Item menuId="run" name="&amp;Palaist"/>.......<Item menuId="Plugins" name="Spra&amp;ud.i"/>.......<Item menuId="Window" name="&amp;Cilnes"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\ligurian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28597
                                                                                                                                                                                                                Entropy (8bit):5.095388791074348
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:7x6QKfeUN2VqPwM6cMxzc+2IQEN/jZraT4BLFZpKPdae:7x6QKxopQ6l7Ike
                                                                                                                                                                                                                MD5:1A2066B01589FDA1B8F591191D8DAB8F
                                                                                                                                                                                                                SHA1:BB2247F5212DE96EDEAB038BAD9D6C23E1478117
                                                                                                                                                                                                                SHA-256:4029DB6EC20C115F3F475EF1862DE5EA5C04D37ABFD64FC904175C560B587B7B
                                                                                                                                                                                                                SHA-512:1AB0CF1B162004EB6C29F0B593BB4F1240149888D83685AFA7CD6CB6DED1E5E4FF030BC5C6519B0CF97A94CC68C365E27E7D837752B24F80A4682E8A4A5669EE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Ligurian translation for Notepad++ 5.8.6...Last modified Sat, February 26th, 2011 01:00 GMT by GENOVES.com.ar...Please e-mail errors, suggestions etc. to info(at)genoves.com.ar....-->..<NotepadPlus>...<Native-Langue name="Zeneize" filename="ligurian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Modifica"/>.......<Item menuId="search" name=".&amp;erca"/>.......<Item menuId="view" name="&amp;Veddi"/>.......<Item menuId="encoding" name="For&amp;mato"/>.......<Item menuId="language" name="&amp;Lengoaggio"/>.......<Item menuId="settings" name="I&amp;nposta.ion"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Ezegoi"/>.......<Item menuId="Plugins" name="Plugins"/>.......<Item menuId="Window" name="Barcon"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToCli

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\lithuanian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):61966
                                                                                                                                                                                                                Entropy (8bit):5.29257393820577
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:HX/MSN8cl/3xovEBy3J5pLYSTMBmvzDjsEAwOGcMu2Jfe:HvMOvl/xovEBiJ5pLYSThzP1cb2Jfe
                                                                                                                                                                                                                MD5:F95613E520ABD99AFDA450CBB267D7DF
                                                                                                                                                                                                                SHA1:2409917588C0E756397CDE59F2C976535F9EB91F
                                                                                                                                                                                                                SHA-256:FDE9551FFCD4C6F10BEFA19855E51DD7871035612ADDB3E8EFF0A48A7A1C17DB
                                                                                                                                                                                                                SHA-512:F62CFF1BD1877ACDF2BE87CB9C756A39E9D6A5615F556ADB98A223CC2C132B98DBEA6AF648695ECCE340645C13DC755101940B95BEB26068860772C51056A41E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. .. Lithuanian localization for Notepad++.. =====================================.. 2012.11.05 - v. 6.2 - Dmitrijus Skun.ikas (dmitrijus.skuncikas@gmail.com).. 2018.07.11 - v. 7.5.7 - Andrius Burokas..-->..<NotepadPlus>...<Native-Langue name="Lithuanian" filename="Lithuanian.xml" version="7.5.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Failas"/>.......<Item menuId="edit" name="K&amp;eisti"/>.......<Item menuId="search" name="Pa&amp;ie.ka"/>.......<Item menuId="view" name="&amp;Vaizdas"/>.......<Item menuId="encoding" name="&amp;Koduot."/>.......<Item menuId="language" name="Ka&amp;lba"/>.......<Item menuId="settings" name="Nu&amp;statymai"/>.......<Item menuId="tools" name=".&amp;rankiai"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Palei&amp;dimas"/>.......<Item menuId="Plugins" name="&amp;Papildiniai"/>.......<Item menuId="W

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\luxembourgish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):23279
                                                                                                                                                                                                                Entropy (8bit):5.162321849349043
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:bbSNxq09IoqHMHGgdzLyKIi3a52vuPJOXT0Gjc0J75uemt1eZ4Joge:bb7/xoXQiy2vsJOXT0wdG9e
                                                                                                                                                                                                                MD5:870632CE7CA82F2AE0FB149654B281BC
                                                                                                                                                                                                                SHA1:B91A5B7CA8C1AFF961741F852FED4E8A5DD7381D
                                                                                                                                                                                                                SHA-256:9E3366FE5A1B98C6FB3B18CBC51344A91EA62C42F3CA7561CCA9EDA8B88F126B
                                                                                                                                                                                                                SHA-512:BD27FAF1990D0D57561543BFC0406E18A2BD2536035C2372B71EF3A6C3129947102D17AE4030F354413B5267E3519B130A6A7B0DBCFEDACFFA9E53DC8E0EC5F6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Luxembourgish translation for Notepad++ 5.1....Last modified 02 December 2008 by Steve Gengler...-->..<NotepadPlus>...<Native-Langue name="L.tzebuergesch" filename="luxembourgish.xml">....<Menu>.....<Main>...... Main Menu Titles -->......<Entries>.......<Item menuId="file" name="&amp;Datei"/>.......<Item menuId="edit" name="&amp;Beaarbechten"/>.......<Item menuId="search" name="&amp;Sichen"/>.......<Item menuId="view" name="&amp;Usiicht"/>.......<Item menuId="encoding" name="&amp;Format"/>.......<Item menuId="language" name="S&amp;prooch"/>.......<Item menuId="settings" name="&amp;Astellungen"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Ausf.ie&amp;ren"/>.......<Item menuId="Plugins" name="Er&amp;weiderungen"/>.......<Item menuId="Window" name="F.&amp;nster"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Te&amp;xtbl.ck opmaache

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\macedonian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):31159
                                                                                                                                                                                                                Entropy (8bit):5.207326616302606
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:l66L/IpjNDqqGAoohURHvbTfiiTr6UPfGwW8zLojmwe:l66L/lAe16iFNLoCwe
                                                                                                                                                                                                                MD5:6A14D4A5652CCB9E39372A208AEFEC63
                                                                                                                                                                                                                SHA1:08C3DC749D50E7C56447EA17A4388D3B9DE86875
                                                                                                                                                                                                                SHA-256:A81ACE4F3EDECCCF81497CBD60277C0399B2709B6AF19123602AF023731C2466
                                                                                                                                                                                                                SHA-512:AE9496DF0105D7041995D03295E532CFF12126DD8DCD3A1A16C66F8C5217C0599965D297618F1FA16DECF2955BD497EA3972538D434886CD7A7A1BEE2CF26E54
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Macedonian localization for Notepad++...Last modified Wednesday, November 11th 2009 18:06 GMT by Kiril Sardjoski....Please e-mail errors, suggestions etc. to kiril.sardjoski(at)gmail(dot)com...-->..<NotepadPlus>...<Native-Langue name="Macedonian" filename="macedonian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;........."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;......"/>.......<Item menuId="encoding" name="...&amp;..."/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name="..&amp;........"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="......"/>.......<Item menuId="Plugins" name="Plugin-..."/>.......<Item menuId="Window" name="........"/>......</Entries>........<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\malay.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20895
                                                                                                                                                                                                                Entropy (8bit):5.011699137451405
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:oIlkZbl3LlMvw/OEu00qWDVNnvdiV3pqI2Z6ysqYSegTwmk0ucBBk+iLnvt4stI0:o3NYwOEzpqIjIebFD9ypYlkPEyqL
                                                                                                                                                                                                                MD5:532C7AF28D5DEFDFCC35CBD5DF57068C
                                                                                                                                                                                                                SHA1:B80AF39DE9F750B52DDDA274D43BBE71F3B233B4
                                                                                                                                                                                                                SHA-256:758BA8E78218870974052B4AA90AD746D396BF42AF2B886D73271156CDFF3B3E
                                                                                                                                                                                                                SHA-512:E398C58C9B88EEE2D164395FDF8092B18FDBA83627A5CF512C0FDB9E995C4CBFB5AD7D4F91FD97DE83F55EE4B465A8AAE64411FCD92619A3511DE887BA629ABF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<NotepadPlus>... ..Author: Andi Rady Kurniawan..Date: 12 October 2008..Desc: Malay translation for Notepad++..-->...<Native-Langue name="Bahasa Melayu" filename="malay.xml">......<Menu>.......<Main>...... Main Menu Entries -->........<Entries>.......<Item menuId="file" name="&amp;Fail"/>.......<Item menuId="edit" name="&amp;Sunting"/>.......<Item menuId="search" name="&amp;Carian"/>.......<Item menuId="view" name="&amp;Pandangan"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Bahasa"/>.......<Item menuId="settings" name="&amp;Ketetapan"/>.......<Item menuId="macro" name="Mak&amp;ro"/>.......<Item menuId="run" name="&amp;Jalan"/>.......<Item menuId="Plugins" name="Plu&amp;gin"/>.......<Item menuId="Window" name="&amp;Tetingkap"/>......</Entries>...... Sub Menu Entries -->........<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Lipat peringkat"/>.......<Item subMenuId="view-uncollapseLevel" name="Bentang peringkat"/>.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\marathi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40355
                                                                                                                                                                                                                Entropy (8bit):5.09165606968306
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:MOyQ7xsgRQF7cUdzlaKTmG5qxyOy3sEDon1ZjvnnDbnQke4VUXFe:MOvxsgRafOFvnDLQR4VSFe
                                                                                                                                                                                                                MD5:F86D652A046B9C0E32268CAD01F7D6F8
                                                                                                                                                                                                                SHA1:708626A4F92FC89459761CE176655F293C0C43CD
                                                                                                                                                                                                                SHA-256:E2822D05B0B51348F828B1EE10920ADF231795FCF43CE446FB070B927AF86DA8
                                                                                                                                                                                                                SHA-512:C61F802AD1A84C703F769DF298436F7A9C3DAC1559AC6438D9CF17C5FB23C8DCC4931F84B6CCBA49B059B457E3FD93CBE9B498C4B72814DDDC588CAB4D70236B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ...::Marathi language file for Notepad++ ::.....** created By:- Nikhil Tamhankar **....Email- iamnik.mailme@gmail.com.....**modified by:kumar gagare....Email-kumargagare1@gmail.com....-->..<NotepadPlus>...<Native-Langue name="....." filename="marathi.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;...."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name=".....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\mongolian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):52955
                                                                                                                                                                                                                Entropy (8bit):5.3852573973702675
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nIW4V+JXRmmXgdIQx8WsMRfIBqfRXbPusk1oPmBzfW6dJJz76OeF2Xqjqsaxcsg0:nIW5tiRXbPkEmBzfW6dJx62Xq+vcyX7L
                                                                                                                                                                                                                MD5:325B4D42F0CBF67D0ED309CF40014FC9
                                                                                                                                                                                                                SHA1:46ECA7E15944F80F48DE1A644B27F9F5D8FFA49D
                                                                                                                                                                                                                SHA-256:960E38B757BBE9EEDD1106E4FCA9A5315E7C635FAFB99E2E462225F6A5C1393C
                                                                                                                                                                                                                SHA-512:87701F28E5968BDB48593B1E0ADC56C6468017EF3408F1F24F9E6922830DD2A1C355A9E83A28C53E9025FA44C622DABADE1653F93FF1A9EB6D9D7D2F85E287B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Mongolian" filename="mongolian.xml" version="6.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name=".&amp;...."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name=".&amp;.."/>.......<Item menuId="settings" name="&amp;........"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name=".........."/>.......<Item menuId="Plugins" name="........."/>.......<Item menuId="Window" name="...."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-OpenFolder" name="...... ... ....... ...."/>.......<Item subMenuId="file-CloseMore" name=".... .....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\nepali.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):107727
                                                                                                                                                                                                                Entropy (8bit):4.982262018791112
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nu+A5xJtuL8rYo5CK3WtJFtzWfpvKVpNL:Q5FYMCK3WtJFtzWfpvKLJ
                                                                                                                                                                                                                MD5:5389F6E8EF24696BCAFB7588B71956D3
                                                                                                                                                                                                                SHA1:4A3BF52147FCA77EA377346058613AF5FFACD254
                                                                                                                                                                                                                SHA-256:5A46D64CE256EFE3171EEDDA4FF79424EE77178783597C36172F18DAB983AD79
                                                                                                                                                                                                                SHA-512:2A1F8518D10ADF5ABE8B9F39FD62A7E793AC3777122D7EA8B3D85360D90AC1D8597C7E89EA349BB87C53255D451AE44AEAB37AE8504A511143B68BCEA22821D4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Nepali" filename="nepali.xml" version="7.8.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....... ........."/>.......<Item menuId="search" name="&amp;.........."/>.......<Item menuId="view" name="&amp;.........."/>.......<Item menuId="encoding" name="......."/>.......<Item menuId="language" name="&amp;...."/>.......<Item menuId="settings" name="........"/>.......<Item menuId="tools" name="........"/>.......<Item menuId="macro" name="&amp;........"/>.......<Item menuId="run" name="&amp;.........."/>.......<Item menuId="Plugins" name="&amp;........."/>.......<Item menuId="Window" name="&amp;......"/>......</En

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\norwegian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (353), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):81732
                                                                                                                                                                                                                Entropy (8bit):5.210747075462769
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:anuIBV5o6OQtAnI/DE+nFHPkuiAhbXdo04Eh7NXS0s0Uyfz7JFPFVN5Sm0DpD/Fe:auIByoxhWEh7Noy79FPSmkp5e
                                                                                                                                                                                                                MD5:21B3B8C97A3333FA34C0A15336C5D58A
                                                                                                                                                                                                                SHA1:0B7DCE1807438036F3B1DBE111817D4AA9C576AE
                                                                                                                                                                                                                SHA-256:4A25BF8F3E7313A7DC0C35BFBA0123CB98C7675875002935B871B1445917AEFC
                                                                                                                                                                                                                SHA-512:0CE0548BEC4717FBBB98A6B3C6433B7075A117672C7544B02CED757500259D6E62B73DDA58BD697B9FC955FB729FC22199DD915176E0BE8EAD6074A91A4EC4A9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>....<NotepadPlus>...<Native-Langue name="Norsk" filename="norwegian.xml">.... Endret av Tor Ole Gr.nvoll 2015-08.. torole@gmail.com -->....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fil"/>.......<Item menuId="edit" name="&amp;Rediger"/>.......<Item menuId="search" name="&amp;S.k"/>.......<Item menuId="view" name="&amp;Vis"/>.......<Item menuId="encoding" name="F&amp;ormat"/>.......<Item menuId="language" name="S&amp;pr.k"/>.......<Item menuId="settings" name="&amp;Oppsett"/>.......<Item menuId="tools" name="Verkt.y"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Kj.r"/>.......<Item menuId="Plugins" name="Tillegg"/>.......<Item menuId="Window" name="Vindu"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".pne filplassering"/>.......<Item subMenuId="file-closeMore" name="Lukk &am

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\nynorsk.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):31923
                                                                                                                                                                                                                Entropy (8bit):5.0984124276087055
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:nyt02Wmq4z3dJyQd6INoxCruLMdL0sWO8gadV/3H/e:nyt5e/DxvB/3fe
                                                                                                                                                                                                                MD5:FD537E7770AA814C138A92D36DAF9AA9
                                                                                                                                                                                                                SHA1:201B36C3BBC158D0D56697CC60316DB46B7742FC
                                                                                                                                                                                                                SHA-256:2512B231EB72F50029A3EF9C15AAE911C2D9F75E62831C0D577E00D4B961F689
                                                                                                                                                                                                                SHA-512:C9144713F018933687A0E1B0956061008BE9F0B423F517A11CA899641B0FEF26BB482821BD7AC651E5965898929385E91B7716157C5F4732CEB945259CAD549F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Norsk-nynorsk" filename="nynorsk.xml">...... Omsett av Thomas Bernes 2008-12.. thomas.bernes@gmail.com -->......<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fil"/>.......<Item menuId="edit" name="&amp;Rediger"/>.......<Item menuId="search" name="&amp;S.k"/>.......<Item menuId="view" name="&amp;Vis"/>.......<Item menuId="encoding" name="&amp;Teiknkoding"/>.......<Item menuId="language" name="S&amp;pr.k"/>.......<Item menuId="settings" name="&amp;Innstillingar"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="K.yr"/>.......<Item menuId="Plugins" name="Programtillegg"/>.......<Item menuId="Window" name="Vindauge"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Kopier til utklippstavla"/>.......<Item subMenuId="edit-indent" name="Innnrykk

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\occitan.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60789
                                                                                                                                                                                                                Entropy (8bit):5.173413597495489
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nc+kAtQxGckJpgWZUO+x9kBsiYfHA6KCDhLfi3hDe:nlkAeG9JCWZUOMimANCDhLfi3Ve
                                                                                                                                                                                                                MD5:4F676E15B99B28E3EE20414D953F4FF7
                                                                                                                                                                                                                SHA1:222F500D84D5F7BE43FCFA3D07D9369B3580887D
                                                                                                                                                                                                                SHA-256:BE14747EC4C7CA2C2CCA241096DC09AA694118D3EFEE5C1D8561CB2843C1F762
                                                                                                                                                                                                                SHA-512:F86DCD6218BCC0B5E93D4F76FAF2CA582437DA8D90166C7B9B4781D236CB526A1A0FDE9EB6E68F077F617A1FC435259BD9E1EF833F814857552CCF042CA09544
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Occitan" filename="occitan.xml" version="7.5.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Fichi.r"/>.......<Item menuId="edit" name="&amp;Edicion"/>.......<Item menuId="search" name="&amp;Recercar"/>.......<Item menuId="view" name="&amp;Visualizacion"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Lengatge"/>.......<Item menuId="settings" name="Param.&amp;tres"/>.......<Item menuId="tools" name="&amp;Aisinas"/>.......<Item menuId="macro" name="Macr."/>.......<Item menuId="run" name="Executar"/>.......<Item menuId="Plugins" name="Ajustons"/>.......<Item menuId="Window" name="Fen.stra"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Dobrir lo dorsi.r parent"/>.......<Item subMenuId="file-closeMore" name="Tampar mai"/>.......<Item s

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\piglatin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (500), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):64425
                                                                                                                                                                                                                Entropy (8bit):5.122167087440154
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:BSJ3T6TLxkSwCMKqUPZJT8XImImvImY6RUv2gfiBxJySJkosme8qe:ByiqUxL0Jsmete
                                                                                                                                                                                                                MD5:5CCC6088975F5B152F5FF52C26392E4F
                                                                                                                                                                                                                SHA1:C9EBDE1AFC557E357F1866262AF93A7B8E45519B
                                                                                                                                                                                                                SHA-256:20B94B853014B63E6FCD2F6E788DF991E95C3461F40999CD995424815A0FE26B
                                                                                                                                                                                                                SHA-512:B909E88850F38C56D76CCBAA0EF2817AE3A6C9BDFB87E5A8B8773675A04AE8888A95946DF49A0A5EDC0B43566EA49BB95F8A2E7513EA69EE95642D1FA6AC9745
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>..<NotepadPlus>...<Native-Langue name="Pig Latin" filename="piglatin.xml" version="7.5.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="Ile&amp;fay"/>.......<Item menuId="edit" name="&amp;Edityay"/>.......<Item menuId="search" name="Earch&amp;say"/>.......<Item menuId="view" name="Iew&amp;vay"/>.......<Item menuId="encoding" name="E&amp;ncodingyay"/>.......<Item menuId="language" name="Anguage&amp;lay"/>.......<Item menuId="settings" name="E&amp;ttingssay"/>.......<Item menuId="tools" name="&amp;Oolstay"/>.......<Item menuId="macro" name="Acro&amp;may"/>.......<Item menuId="run" name="Un&amp;ray"/>.......<Item menuId="Plugins" name="Ugins&amp;play"/>.......<Item menuId="Window" name="Indo&amp;wway"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Openyay Ontainingcay Olderfay"/>.......<Item subMenuId="file-closeMore" name="Oseclay

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\polish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):100733
                                                                                                                                                                                                                Entropy (8bit):5.453554152415288
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:yd1t7yVppuAxUzwBl8rtnmlCRrasWoelEzl/pxcpf:y2BwnmwrasXS5
                                                                                                                                                                                                                MD5:6DE02EBA45DA1EEEE47318D111C4AE1F
                                                                                                                                                                                                                SHA1:CC3E60F27C9DE9EEA8B87183EA431F9644E1EFEF
                                                                                                                                                                                                                SHA-256:B1520AFC223CBE0A3560173E8A9DD2AF29C7D28CC01A441B8DCFD3EB908CE1FB
                                                                                                                                                                                                                SHA-512:F461598555E089EAB19156A790ED5862155CAEE812BD90DB83D07CBCE990C690F5CC485806193769A79F67C050BD33DE285C9F072913C83BA812145163859F70
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->.. .. History of Polish translation for Notepad++:.... - Updated by Arkadiusz Michalski (webref.pl) to version 8.5.5 (02.08.2023).. - Updated by Cezariusz Marek to version 7.8.3 (11.01.2020).. - Translated by Patryk Skorupa (ppskorupa@outlook.com) and up-to-date as of version 7.7.2 (29/07/2019).. - Translated by Piotr Kostrzewski (piotrkostrzewski2@@outlook.com) and up-to-date as of version 8.6.6 (02.04.2024).... The most recent version of this file can usually be downloaded from:.. https://github.com/notepad-plus-plus/notepad-plus-plus/blob/master/PowerEditor/installer/nativeLang/polish.xml..-->..<NotepadPlus>...<Native-Langue name="polski" filename="polish.xml"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\portuguese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):106559
                                                                                                                                                                                                                Entropy (8bit):5.252699863448662
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:MawWf+oAW4AQ07CB6RMunUwwpAKC7lYNkTa1p3t:IW49kCB6RDnUwwpAKC7lbar9
                                                                                                                                                                                                                MD5:6B8A32A54C0C30A2C939C229847B211E
                                                                                                                                                                                                                SHA1:ED357FE0CB88879B521986BE7A2E92F8D690A687
                                                                                                                                                                                                                SHA-256:9979CA47B42D70405B6D83C2279DD797BA0C523B3DC23B377D9740E29E8347A0
                                                                                                                                                                                                                SHA-512:CBD6FE2EB783C01A274CD9504AC99E0545AFFD150C6B175DAE05BC688633375AC0A0B05F87B80C92FF9E105879DE07AB2D87762324CFAF727BA46CD3B0346902
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Nota de tradu..o:..1. Instale o plugin XML Tools para formatar a sua tradu..o XML. Atrav.s do comando do menu "Plugins -> XML Tools-> Pretty print - indent only"...2. Todos os coment.rios s.o de car.ter explicativo, n.o s.o de tradu..o...-->..<NotepadPlus>...<Native-Langue name="Portuguese Portugal" filename="portuguese.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Ficheiro"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="P&amp;rocurar"/>.......<Item menuId="view" name="&amp;Visualiza..o"/>.......<Item menuId="encoding" name="&amp;Codifica..o"/>.......<Item menuId="language" name="&amp;Linguagem"/>.......<Item menuId="settings" name="D&amp;efini..es"/>.......<Item menuId="tools" name="F&amp;erramentas"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;xecutar"/>.......<Ite

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\punjabi.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59114
                                                                                                                                                                                                                Entropy (8bit):5.1965193223243
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:n1IuvFcT/8OA1dEe+zwB+mn8r9nA2EtHWy7qZ1NAyddb9W3TWv6LtnFlvFte:n1ID9wCdwBh6nMtHFqZ1NPzbo3TWKte
                                                                                                                                                                                                                MD5:13D4AA551F726F4040DE50E7C7A85E6C
                                                                                                                                                                                                                SHA1:49B8EFC18237FBDF631247C14DCDC0B45DAEF612
                                                                                                                                                                                                                SHA-256:A7AC38D31AF237BD77723AA3C50F31ED463C563DB84CAB8C3B0AE582E8D2937D
                                                                                                                                                                                                                SHA-512:B17A5D770CDF4FCAE12476C7DB1BB59045D7056F51F1867E8A020CE4B6D19426CF69A8EEDC511001F367DA8FDBFEFC9B9CCC4824FF6634766ED5D749315788DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="...... .." filename="punjabi.xml" version="6.8.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;..."/>.......<Item menuId="search" name="&amp;..."/>.......<Item menuId="view" name="&amp;...."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name="&amp;......"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name=".."/>.......<Item menuId="Plugins" name="......"/>.......<Item menuId="Window" name="....."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="... .... ....."/>.......<Item subMenuId="file-clo

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\romanian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):121574
                                                                                                                                                                                                                Entropy (8bit):4.74227526902425
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:sYSZZIZTpif01O/w9vaeGyS5Dsejjw1v8upse:xdic0XVw1v7v
                                                                                                                                                                                                                MD5:2FC4E2425059BE563150557495B302B8
                                                                                                                                                                                                                SHA1:F543282028D05D7B2FECC01D8D71DCF817219299
                                                                                                                                                                                                                SHA-256:6C5E27E7C19F9E1DCFDAAEB640C5A9F374B02D6F3C247ECEE07FA5A177AB443A
                                                                                                                                                                                                                SHA-512:CCE7EF38CE3A2DF91E617A6877D12EB66DAA2A2A9F466B8F75FC03579BAF82DE9EE539EFC32353FCFAFBCEA76C57622AB1B674FF75CF87DB6DCA0D5FC1D2FB14
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..- Traducerea .n rom.n. pentru Notepad++ 8.6.5..- Ultima modificare 17 martie 2024 de c.tre Miloiu Andrei-Valentin... Modific.rile din 30 ianuarie 2019 au fost f.cute de c.tre Barna Cosmin Marian.. Pentru actualiz.ri vizita.i: https://github.com/notepad-plus-plus/notepad-plus-plus/tree/master/PowerEditor/installer/nativeLang.. -->..<NotepadPlus>.. <Native-Langue name="Romanian" filename="romanian.xml" version="8.6.5">.. <Menu>.. <Main>.. Main Menu Entries -->.. <Entries>.. <Item menuId="file" name="&amp;Fi.ier"/>.. <Item menuId="edit" name="&amp;Editare"/>.. <Item menuId="search" name="&amp;C.utare"/>.. <Item menuId="view" name="&amp;Afi.are"/>.. <Item menuId="encoding" name="C&amp;odificare"/>.. <Item menuId="language" name="&amp;Limbaj"/>..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\russian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):129950
                                                                                                                                                                                                                Entropy (8bit):5.398329215172861
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:ttEbYIWPdCNbko/oOfKixYEgpjBS9EC57TgKImhtAVnoJOSps9xNzqzAiCe:SfKBS757TgKphtAVoJ/sBqzA4
                                                                                                                                                                                                                MD5:001DFC3EE20433B969F2DB6D8B905653
                                                                                                                                                                                                                SHA1:872622047917C7904AC8E2A014839E1D915BF9CB
                                                                                                                                                                                                                SHA-256:0F69859EF65E45ABCBE00F1E6A5B9EF8B18D024D3F8CA72F1E2150EC7898DB23
                                                                                                                                                                                                                SHA-512:0589FC41586DB4353864FDAEDB5044CBD83911EFD1F158EB4B5AC018E5DB0D83C1B95D7FC3510511462408C8AD2B228F4E8E6D4FB3D00F1E655A6308DED3EADD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Russian translation for Notepad++..Updated to v8.6.6:..- ..-->..<NotepadPlus>...<Native-Langue name="......." filename="russian.xml" version="8.6.6">....<Menu>.....<Main>...... ....... .... -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;......"/>.......<Item menuId="search" name="..&amp;..."/>.......<Item menuId="view" name="&amp;..."/>.......<Item menuId="encoding" name="&amp;........."/>.......<Item menuId="language" name="&amp;.........."/>.......<Item menuId="settings" name="&amp;....."/>.......<Item menuId="tools" name=".....&amp;......"/>.......<Item menuId="macro" name="&amp;......."/>.......<Item menuId="run" name="&amp;......"/>.......<Item menuId="Plugins" name=".....&amp;.."/>.......<Item menuId="Window" name="...&amp;...."/>......</Entries>......<SubEntries>.......<Item subMe

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\samogitian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7832
                                                                                                                                                                                                                Entropy (8bit):5.074931873331391
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nXgLkaLDidBiwFkGY0I0eXrGdmsa7O+tSWuKVW9MZ7oM/7yUtlV5iXtHbge:njiwFkXr+kT9ve
                                                                                                                                                                                                                MD5:AAB66DCE85895AFFD7BAE8F7C9CC562E
                                                                                                                                                                                                                SHA1:F8D0CAEF6417E6BFC2D36740EB6110BF015D9ADE
                                                                                                                                                                                                                SHA-256:AD7850E4F4B98AFF535EFE8B24E540AC7BB1D39C3DBB8BC649AA7126AB311C6C
                                                                                                                                                                                                                SHA-512:B2722D6DCC290F65FB2971A51B1D709D3797878ECF876E489CB207F96E4BC4A3F6F130753F3FB8EA884FCEB616CFD61166E7A5C84BBC241FA10E8764368B0515
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Samogitian" filename="samogitian.xml">.... Mindaugas Machernis veertea. -->....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Failaa"/>.......<Item menuId="edit" name="&amp;Keistea"/>.......<Item menuId="search" name="&amp;Eaishkuotea"/>.......<Item menuId="view" name="R&amp;uodiitea"/>.......<Item menuId="encoding" name="&amp;Format's"/>.......<Item menuId="language" name="&amp;Shnekta"/>.......<Item menuId="settings" name="&amp;Nostatimaa"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>..............</SubEntries>........ all menu item -->......<Commands>.......<Item id="41001" name="&amp;Koortea.Ctrl+N"/>.......<Item id="41002" name="&amp;Atdariitea.Ctrl+O"/>.......<Item id="41003" name="&amp;Sheaata Ozhdariitea Ctrl+W"/>.......<Item id="41004" name="&amp;Veasas Ozhdariitea"/>.......<Item id="41005" name="&amp;Keatas Ozhd

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\sardinian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):34737
                                                                                                                                                                                                                Entropy (8bit):5.103440432092928
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:e6unX1zk/Oy3RXVL+xaYQ2078x1AVxad721IGeTs+Be:jmzk3V6aHIGeTNBe
                                                                                                                                                                                                                MD5:9CEB9921A23897BF2C275BE5661231A4
                                                                                                                                                                                                                SHA1:EEC3ADFAA7B514838FCD9D8DB65937B9F545BA7B
                                                                                                                                                                                                                SHA-256:832A34E630178FD33871EB1C9633447D46E2861C39221FF2E100D0F4EDFC8632
                                                                                                                                                                                                                SHA-512:B1DCD4FAC2180F75F19EA25067EEC420891FFA642A17F2D69CE791A5D6353978FA624497F26CA4ED50DCBC025B860FD33C7CEF110AD24670ED5E58266F71AF25
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Sardininian translation for Notepad++ 5.9.6.1...Last modified Sat, December 24th, 2011 01:10 GMT by Marco Solinas....Please e-mail errors, suggestions etc. to solinas.marco(at)libero.it....For updates, see https://sourceforge.net/projects/notepad-plus/forums/forum/558104/topic/1853765.....Custa tradutzioni est fata sighendu is arr.gulas de sa "Limba Sarda Comuna". Custu scioberu...ndi benit de sa necessidadi de dhi donai a sa comunidadi inform.tica sarda un'aina chi potzat...essi imperada de totus, in Sardu, sentza de fai distintzioni peruna tra variantis. Ammarolla, ca...d.u etotu soi unu "cabesutesu", sa basi de su Sardu chi dhui at, in custa faina, a suta de sa LSC...est cussu chi apu sempri int.ndiu allegai d.u: s'Olliastrinu de costera. In d.nnia manera, ca...d.u soi unu de cussus chi funt cumbintus chi totugantu su Sardu apartenit a totus is Sardus, timoria...de is pr.stitus internus no ndi t.ngiu: tandu, candu apu agatau u

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\serbian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):19236
                                                                                                                                                                                                                Entropy (8bit):5.131159808659015
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:nfjr3D/CDKiGEoaYr7yyCYJPexckpuy64fbdfiI8+7++RU9W/Kh48BsdE7iZ6/Mm:n9TPexckbM+c71BpYe
                                                                                                                                                                                                                MD5:BC7B6AA54DA64BB3DDF9BD939DD22A9A
                                                                                                                                                                                                                SHA1:C13213709A8EA3E7CF5D702220A4F09F2AD966FD
                                                                                                                                                                                                                SHA-256:DA72EBB99A389B854F0DB6D51BA712857445D8C6CA392A9645713D8A9AEF765E
                                                                                                                                                                                                                SHA-512:676781B8E231D1CE83892B2541A69DAC43AA57DBD20179BA1641565F4B7A134993FCC916FE507403D7F4BD5AF4B6DFAD58748F8AA5971BD51BB917BF1626CCE8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Srpski(Serbian)" filename="serbian.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="D&amp;okument"/>.......<Item menuId="edit" name="&amp;Uredi"/>.......<Item menuId="search" name="&amp;Tra.i"/>.......<Item menuId="view" name="&amp;Prikaz"/>.......<Item menuId="encoding" name="For&amp;mat"/>.......<Item menuId="language" name="&amp;Jezik"/>.......<Item menuId="settings" name="P&amp;ostavke"/>.......<Item menuId="macro" name="Makro"/>.......<Item menuId="run" name="Pokreni"/>.......<Item menuId="Plugins" name="Dodaci"/>.......<Item menuId="Window" name="Prozor"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="view-collapseLevel" name="Sakrij nivo"/>.......<Item subMenuId="view-uncollapseLevel" name="Otkrij nivo"/>......</SubEntries>........ all menu item -->......<Commands>.......<Item id="41001" name="&amp

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\serbianCyrillic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39919
                                                                                                                                                                                                                Entropy (8bit):5.279096364598868
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:MFlLh+em5PtJ6we/Or592ScomO+e9f9vsRQJhbchJscpyL:MFloJ6wemrPCJiV0RQJWnsccL
                                                                                                                                                                                                                MD5:91C945838695F8624AFFAB97B6B7042A
                                                                                                                                                                                                                SHA1:80F16F26AED76AD2ED00C5FF67686BCD885E8C12
                                                                                                                                                                                                                SHA-256:A8404BEE78182C3CA243AB618344714185AE9D4BEB6CBA42DE577C72958E8AA0
                                                                                                                                                                                                                SHA-512:4F0F05F7DA3D6473BA98853FC80DA2947BD572EADA2FB76D7EE923E458149FF305C9E516831D563A846B0DE57EDEACBED4F2B157EAAC9A00F6A5178D0784DBE9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Serbian localization for Notepad++...Last modified Wednesday, Mart 11th 2010 18:06 GMT by .... .............Please e-mail errors, suggestions etc. to ivanstar61 at gmail.com...-->....<NotepadPlus>...<Native-Langue name="......" filename="serbianCyrillic.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name=".&amp;......."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;......"/>.......<Item menuId="encoding" name="...&amp;....."/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name=".&amp;......."/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name="......."/>.......<Item menuId="Plugins" name="......"/>.......<Item menuId="Window" name="......"/>......</Entries>..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\sinhala.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48057
                                                                                                                                                                                                                Entropy (8bit):5.1022433558010665
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:dg9EA1Wb1L3Gv7jvYyvFkCgDtxXB2z/0ZN2LdvjBICV8umz4lOyCh8uCDuVEeZ3k:dguiM3Gv7jvYyNkCgZxXB2z/bu/ThcDN
                                                                                                                                                                                                                MD5:79C45EBE1BD455B20EBB08877ED93C53
                                                                                                                                                                                                                SHA1:67993E982A81F07F71B2A63189B62C6B151E0951
                                                                                                                                                                                                                SHA-256:2C24F7AA723A32A139FB79F2CD288C36157EC90B994A66693CF9D0C697F672AF
                                                                                                                                                                                                                SHA-512:1C9663769C679635689EE4D18C2CE9515C528F96D1D654E9CC06E17BB149C15C9C9571BEDD980F50FAAD515F265CE862FB11C4D05D89B60486AFA2BED4071BAE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.... Contributors: Supun Viraj, Gihan Timantha, Lasith Tarindu -->.. University of Colombo School of Computing, Sri Lanka, 2013 -->....<NotepadPlus>...<Native-Langue name="Sinhala" filename="sinhala.xml">....<Menu>.....<Main>........ Main Menu Entries -->........<Entries>.........<Item menuId="file" name="....."/>.......<Item menuId="edit" name="......"/>.......<Item menuId="search" name="......"/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="...."/>.......<Item menuId="language" name="....."/>.......<Item menuId="settings" name="......."/>.......<Item menuId="macro" name="..... ...."/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name=".... ........"/>.......<Item menuId="Window" name="......"/>........</Entries>........ Sub Menu En

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\slovak.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):102240
                                                                                                                                                                                                                Entropy (8bit):5.506880391329283
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Pz8xYYcBIcQj0+/bHuZ/WCUldlHjClpiRee:7Y4BIp0+GgjC7kF
                                                                                                                                                                                                                MD5:86FC29408E0558574AA061EA89B95D23
                                                                                                                                                                                                                SHA1:6DFE6D03945A73F4EED7D82E169B176D8F2AE053
                                                                                                                                                                                                                SHA-256:5988B76BD77E9985B5DCDB640F364ACCBACFB4A0BAF52AF43754A97054CBF321
                                                                                                                                                                                                                SHA-512:EB55F25BC0B539D929798EE976A9EF23AF4D7A989EB8288A1B91062C6A430355F6B47561B27DCA245E14FF28EEAFD08B478E4EE9223767D6BAB22FFD65D4CC74
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...Slovak localization for Notepad++..-->..<NotepadPlus>...<Native-Langue name="Sloven.ina" filename="slovak.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;S.bor"/>.......<Item menuId="edit" name=".&amp;pravy"/>.......<Item menuId="search" name="&amp;H.ada."/>.......<Item menuId="view" name="&amp;Zobrazi."/>.......<Item menuId="encoding" name="&amp;K.dovanie"/>.......<Item menuId="language" name="&amp;Jazyk"/>.......<Item menuId="settings" name="&amp;Nastavenia"/>.......<Item menuId="tools" name="N.s&amp;troje"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="Sp&amp;usti."/>.......<Item menuId="Plugins" name="&amp;Doplnky"/>.......<Item menuId="Window" name="&amp;Okn."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Otvori. prie.inok &amp;s.boru"/>.......<

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\slovenian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):101532
                                                                                                                                                                                                                Entropy (8bit):5.288562794586069
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:gX4xXNbOf8RBjDvZYOjQLJfRWa1FDVjs+h0ps5xCVaYJvYpg06:C6XNbOf8RBzQLJca1FDTh0pVVaYJvOg9
                                                                                                                                                                                                                MD5:24D40C7518B692C88E38ADBF500BBA8E
                                                                                                                                                                                                                SHA1:E3952CB96BE0C25D2CDB03A5C71DDF824EAAE587
                                                                                                                                                                                                                SHA-256:7E342CB04B73BB91C7BC8EC9541E01A6F9354AD37A176A73483F1F415D380D13
                                                                                                                                                                                                                SHA-512:11DBC23DA70F4812F976146A422574E3E1D6CBF31B2E93D47448482573DA65CD46C7B9490E5B788512A8AFEAD03C418DE0D6BC87BB594C2F7039A0FB1AE5CDCE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. .. Slovenian localization for Notepad++ v8.6.5.. Last modified 02. Apr 2024 by dr. Vinko Kastelic......-->..<NotepadPlus>...<Native-Langue name="Sloven..ina" filename="slovenian.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Datoteka"/>.......<Item menuId="edit" name="&amp;Uredi"/>.......<Item menuId="search" name="&amp;Najdi"/>.......<Item menuId="view" name="&amp;Pogled"/>.......<Item menuId="encoding" name="K&amp;odiranje"/>.......<Item menuId="language" name="&amp;Sintaksa jezika"/>.......<Item menuId="settings" name="Nas&amp;tavitve"/>.......<Item menuId="tools" name="Oro&amp;dja"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;Po.eni"/>.......<Item menuId="Plugins" name="&amp;Vti.niki"/>.......<Item menuId="Window" name="&amp;Okno"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>......

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\spanish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105220
                                                                                                                                                                                                                Entropy (8bit):5.201254249515188
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:yaoLa5DdeL5z47ZID61co2blJcbHRyYATBWZk+2EDJPFTy0pJGAfne:ya0a6Qtc9ARyJBWZk+rPc0pJGAPe
                                                                                                                                                                                                                MD5:10167DE4084557BB12B54E03CB905441
                                                                                                                                                                                                                SHA1:5D8911F1A2CCC38B1D03B37E4BA76DFBE4003A0B
                                                                                                                                                                                                                SHA-256:6BEB17CDA5D7C20FA33441C46D4EBC8247EBF39600C0A2E4C6E49194009502BA
                                                                                                                                                                                                                SHA-512:FE43CBF88BFFF9CE30EE763446B7A9E25E34E52FAB3D9D82BF733ABE0A751BD8ACC44CD7A51B4CD03E59B2FC2EDB39D72953BF4DCF1785D8F94B99F3A9C6D823
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Espa.ol" filename="spanish.xml" version="8.6.5">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Archivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Buscar"/>.......<Item menuId="view" name="&amp;Vista"/>.......<Item menuId="encoding" name="Co&amp;dificaci.n"/>.......<Item menuId="language" name="&amp;Lenguaje"/>.......<Item menuId="settings" name="C&amp;onfiguraci.n"/>.......<Item menuId="tools" name="He&amp;rramientas"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;jecutar"/>.......<Item menuId="Plugins" name="Complemen&amp;t

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\spanish_ar.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41595
                                                                                                                                                                                                                Entropy (8bit):5.088333387922988
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:nisXSvLH/UsEx4dZFjYF2RLYE/bbbjC4ki1TKA4DsxaLVm5/Due:ntXSvbIbHe
                                                                                                                                                                                                                MD5:2F5E583098C0CEF1081798BB779E7524
                                                                                                                                                                                                                SHA1:474CA09D5E6A9A885523EADC68952436ADAA1172
                                                                                                                                                                                                                SHA-256:5ABB9A1B8555CECEF039C4352EE73BDDF690DFD0EC4FEE8542F2E0A3B9C0055F
                                                                                                                                                                                                                SHA-512:E4FC7887C17A918CF4B40F96066C574874D74C7ABB210E8D5F0CCAF6A9BBD23140BB6136942F0FFF5C6FB9A6B42A28FD3934E85287B842357414397E10685D2E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Castellano - Espa.ol" filename="spanish_ar.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Archivo"/>.......<Item menuId="edit" name="&amp;Editar"/>.......<Item menuId="search" name="&amp;Buscar"/>.......<Item menuId="view" name="&amp;Ver"/>.......<Item menuId="encoding" name="&amp;Formato"/>.......<Item menuId="language" name="&amp;Lenguaje"/>.......<Item menuId="settings" name="&amp;Configuraci.n"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menuId="run" name="E&amp;jecutar"/>.......<Item menuId="Plugins" name="&amp;Complementos"/>.......<Item menuId="Window" name="Ve&amp;ntana"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-closeMore" name="Cerrar m.s"/>.......<Item subMenuId="file-recentFiles" name="Archivos recientes"/>.......<Item subMenuId="edit-copyToClipboard" name="Copiar

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\swedish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):101151
                                                                                                                                                                                                                Entropy (8bit):5.2881696046641435
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:kajha+LZDwqaGkzwfx6iO/2FriAaeQ3HpEAaReXEwhi043OUGUajK/qEOYKfh3DF:kaALIyDZrXM3aK/qEOFVJpbZIe
                                                                                                                                                                                                                MD5:FD8AFF58917C8E6F2E04DCEDBB1E2C09
                                                                                                                                                                                                                SHA1:94EB927886A85126245E2DEE1FB0EEFC507D3735
                                                                                                                                                                                                                SHA-256:A589AB4627826D12C017551976F55E3AC6DB8F8BB755FDFA6E1955302EAC9B80
                                                                                                                                                                                                                SHA-512:2B0FE3892BEB37F9052A0D11B8B06671FFA2611939E4491EFE54693BFA9AA77DF7704E8CC3C590007A8B7815BE1397A8378A22825544BD05DBB7739FE94B48FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name="Svenska" filename="swedish.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Arkiv"/>.......<Item menuId="edit" name="&amp;Redigera"/>.......<Item menuId="search" name="&amp;S.k"/>.......<Item menuId="view" name="&amp;Visa"/>.......<Item menuId="encoding" name="K&amp;odning"/>.......<Item menuId="language" name="S&amp;pr.k"/>.......<Item menuId="settings" name="&amp;Inst.llningar"/>.......<Item menuId="tools" name="V&amp;erktyg"/>.......<Item menuId="macro" name="&amp;Makro"/>.......<Item menuId="run" name="&amp;K.r"/>.......<Item menuId="Plugins" name="I&amp;nsticksprogram"/>.......<Item m

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\tagalog.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24635
                                                                                                                                                                                                                Entropy (8bit):5.011979175803779
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:ngWFsSiq/dkOdWOWY+aHw83iV/etQqNyrVEocIRRdDRf3IFjnDeVTNTW06D7RckE:nu/qxWInYey5lRR9BcjnwNilT3aycQbe
                                                                                                                                                                                                                MD5:4CEF1B7BA4B4240BD755B7917053E146
                                                                                                                                                                                                                SHA1:B6C6FE1A2A4D7035BA56FD25DF43ABBC85569544
                                                                                                                                                                                                                SHA-256:3C940F8A64D6893EB6846A5BC3E0D266D3B243EA1AFF6C30723A56DA8D35008D
                                                                                                                                                                                                                SHA-512:39555741C9B860A925C54DB6FF014085B41DF2C4B8166C48845B3F218FF61FC33845DA447E45E0BC6D72598CF828344F96B78CBBAEA3FDB1BE0AB85F38D49D5A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="Tagalog" filename="tagalog.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Pila"/>.......<Item menuId="edit" name="&amp;Ayusin"/>.......<Item menuId="search" name="Mag&amp;hanap"/>.......<Item menuId="view" name="&amp;Tignan"/>.......<Item menuId="encoding" name="A&amp;nyo"/>.......<Item menuId="language" name="&amp;Wika"/>.......<Item menuId="settings" name="Ka&amp;lagayan"/>.......<Item menuId="macro" name="Laki"/>.......<Item menuId="run" name="Takbo"/>.......<Item menuId="Plugins" name="Mga Plugin"/>.......<Item menuId="Window" name="Dungawan"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="Isipi sa Klipbord"/>.......<Item subMenuId="edit-indent" name="Ipasok"/>.......<Item subMenuId="edit-convertCaseTo" name="Baguhin ang kaso"/>.......<Item subMenuId="edit-lineOperations"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\taiwaneseMandarin.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):84725
                                                                                                                                                                                                                Entropy (8bit):6.12951783959753
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:h1/HIydTKgZG+26PpR79d1SVRN/YR5977LHDa3YICAlUSUpVMze:h5HIG26v9d1SVR0/AgpVye
                                                                                                                                                                                                                MD5:D8126D75BE7F37DAD890F22621176959
                                                                                                                                                                                                                SHA1:62A718DA1ACC872EC18D47C76C997D5904B004FE
                                                                                                                                                                                                                SHA-256:71796D3746AF68E183D3D977323B50E876DEDFD05898998E885EDF8E713BB314
                                                                                                                                                                                                                SHA-512:0731E82DDC6FCD8F5B8B790A2D46F54EE2E49E6ADACA4AC0AF219842A867CD0D9F3E1A89A354AC066C3663D60E040E60C03B0405D18FAA20BA005AF4F06C4FC4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>...<Native-Langue name="...." filename="taiwaneseMandarin.xml" version="8.6.3">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="..(&amp;F)"/>.......<Item menuId="edit" name="..(&amp;E)"/>.......<Item menuId="search" name="..(&amp;S)"/>.......<Item menuId="view" name="..(&amp;V)"/>.......<Item menuId="encoding" name="..(&amp;N)"/>.......<Item menuId="language" name="..(&amp;L)"/>.......<Item menuId="settings" name="..(&amp;T)"/>.......<Item menuId="tools" name="..(&amp;O)"/>.......<Item menuId="macro" name="..(&amp;M)"/>.......<Item menuId="run" name="..(&amp;R)"/>.......<Item menuId="Plugins" name="..(&amp;P)"/>.......<Item menuId="Window" name="..(&amp;W)"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name=".......(&amp;F)"/>.......<Item subMenuId="file

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\tajikCyrillic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):55364
                                                                                                                                                                                                                Entropy (8bit):5.328842401268827
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:n+H9toJJycNtJn//b/tEQi3Ee2+fD/oIe+1qqG+CJdUnv1a+UL/+AGirG+31OO8c:n8aq0qsIBGRdUn9aD/8irFopLe
                                                                                                                                                                                                                MD5:06984B1AB1130E694446D32D1D5A34DF
                                                                                                                                                                                                                SHA1:932FDC1D9B89E930A8E11D327B66EA7B14038A13
                                                                                                                                                                                                                SHA-256:D04B0369DA198076BED68F3668F9B87594CC37346B0500195CC45A5390518C44
                                                                                                                                                                                                                SHA-512:94B5D2F2F7AF2E0CCDD9A883A1E494B679FE51F87A9C236DD9653AB490BA670FFCDAFA7655BE98F3ED9FB22811C32142856CB914A8730AE737082500048C8629
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="......" filename="tajikCyrillic.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;......"/>.......<Item menuId="search" name="&amp;......."/>.......<Item menuId="view" name="&amp;........"/>.......<Item menuId="encoding" name="&amp;.........."/>.......<Item menuId="language" name="&amp;....."/>.......<Item menuId="settings" name="&amp;........"/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="...."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="......."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-... ......Folder" name="... ....... ..... ....."/>.......<Item subMenuId="file-......M

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\tamil.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):102842
                                                                                                                                                                                                                Entropy (8bit):4.900111073225709
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:vs83N74aQpdBADrgkKACP8jSOPMsAHxLLmkj291ZifFSdbUBeLBRT2C9Hi8R8C89:vs83N74a6vADrgkKACP8jSOPMsAHxLL/
                                                                                                                                                                                                                MD5:B1FB599DAEA52466C20FBD2CE57DAED8
                                                                                                                                                                                                                SHA1:9DE1D20ABDFD03F8BA3E2D17248CE8A60E27F601
                                                                                                                                                                                                                SHA-256:B9AC155653B326862A2D86E90E99F342263439D12920DAF735D63A737CAB1CE5
                                                                                                                                                                                                                SHA-512:2C45CD41C6AF5A88DC2A5CC8044E28BF96C0EB60150059B3C55A9A383A423B574955DADE9A19FC6FE5A6DF3FFD4331BD72DBB62795F4230AF15AE405EC881D7A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="....." filename="tamil.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...... (&amp;F)"/>.......<Item menuId="edit" name="....... (&amp;E)"/>.......<Item menuId="search" name=".... (&amp;S)"/>.......<Item menuId="view" name="...... (&amp;V)"/>.......<Item menuId="encoding" name="............... (&amp;N)"/>.......<Item menuId="language" name=".... (&amp;L)"/>.......<Item menuId="settings" name=".......... (&amp;T)"/>.......<Item menuId="tools" name="........ (&amp;O)"/>.......<Item menuId="run" name="..... (&amp;R)"/>.......<Item menuId="Plugins" name=".............. (&amp;P)"/>.......<Item menuId="Window" name="...... (&amp;W)"/>......</Entries>........ Sub Menu Entries -

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\tatar.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (305), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59382
                                                                                                                                                                                                                Entropy (8bit):5.434739981360586
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:n/Ub7FjLwc0u21pAMq2H9yLdTHOojcOdo3Eh2MPe:4NC1pAMXsVB63Y0
                                                                                                                                                                                                                MD5:CD7A34974D8050B6507543E8B901C919
                                                                                                                                                                                                                SHA1:80314A3492BA7B804AC91E53FFC52E678E55B072
                                                                                                                                                                                                                SHA-256:08B075513E2287A253FD08BADD43893D1136ACB9A8C4DDEACDCB5F5CFCB69870
                                                                                                                                                                                                                SHA-512:700EB73CF42C434CA5E7C51EF7270F894FF0890B4BAE2CA11C195CB74869CA045564C5D68CD26F4E19D15F9ABFD695167E9663C3B609A62E6127F25EA32BC4C5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="......." filename="tatar.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;......"/>.......<Item menuId="search" name="&amp;....."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;......"/>.......<Item menuId="language" name="&amp;.........."/>.......<Item menuId="settings" name="&amp;........."/>.......<Item menuId="tools" name="&amp;........"/>.......<Item menuId="macro" name="&amp;........."/>.......<Item menuId="run" name="&amp;......"/>.......<Item menuId="Plugins" name="&amp;........."/>.......<Item menuId="Window" name="&amp;........."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="........ ..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\telugu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):43175
                                                                                                                                                                                                                Entropy (8bit):4.946753811649962
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:rmk3PCBMllTBCcPTt5PHJZ3LG8XjLdHd0Wp+W+vYjPri9DPORGmjLkw8soyVoI8r:rrqKfZ/r8POW209JgCV35L
                                                                                                                                                                                                                MD5:EBA1EA00DF8D0D54139F6A176A19F3C3
                                                                                                                                                                                                                SHA1:22111C5365EC8B4F69D827FD2EF70D255602B5A5
                                                                                                                                                                                                                SHA-256:CD021EBD57EC2FBBC139744A9A11D8F95A04A929F3DE88DCF9153099D164EE89
                                                                                                                                                                                                                SHA-512:FACC82F4E277591A7721B0ABEB1D1B1C27B15D0D7B15C0E2B4CF81F744446388F9D199E59417F7A29930FB75E9DAE3250D8F66FB10D39F0A9271C64DE1EA6DD0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ...This is Telugu language file for Notepad++....I am Inspired by the Tamil and Hindi languages work done by Arivarasu B. and Rathin A. Dholakia....Author: Sreedhar Reddy V...Email: srib4ufrnd@gmail.com...Note: In case of any suggestions and improvements please contact me. Help Indian Languages To Grow. Thank you...-->..<NotepadPlus>...<Native-Langue name="......" filename="telugu.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name=".... (&amp;F)"/>.......<Item menuId="edit" name="..... (&amp;E)"/>.......<Item menuId="search" name="..... (&amp;S)"/>.......<Item menuId="view" name=".... (&amp;V)"/>.......<Item menuId="encoding" name="........... (&amp;N)"/>.......<Item menuId="language" name="........... (&amp;L)"/>.......<Item menuId="settings" name="........... (&amp;T)"/>.....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\thai.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41024
                                                                                                                                                                                                                Entropy (8bit):5.077227496963627
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:n2+F0vuX0DWzU8hPhcqh/8ZhbUIP2hwFaz+W9BPhQW3X1G5CSQjSZ0vAmkMqOKNu:n+MUIpcC/EeRduDrZruc4ke
                                                                                                                                                                                                                MD5:897528CA481081BBBB3A52B88C933AF5
                                                                                                                                                                                                                SHA1:B6F3317073970FA91344AF63061C7CBCA5CA90C0
                                                                                                                                                                                                                SHA-256:F90F18D7D3D822790FBEA2794C94F5A6654BD2EEF1E8F7B89FE80E27251970CB
                                                                                                                                                                                                                SHA-512:2445DEA1798A0F7F1CD58E0F7189B237142B376EA4A55E415339ACE2B3AD8ADF0833F864B8CAA8EC10B27729A8804A6910777A42682FAA292D664096A0455ACE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<NotepadPlus>...<Native-Langue name="thai" filename="thai.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name=".... (&amp;F)"/>.......<Item menuId="edit" name="..... (&amp;E)"/>.......<Item menuId="search" name="..... (&amp;S)"/>.......<Item menuId="view" name="...... (&amp;V)"/>.......<Item menuId="encoding" name=".............. (&amp;N)"/>.......<Item menuId="language" name=".... (&amp;L)"/>.......<Item menuId="settings" name="....... (&amp;T)"/>.......<Item menuId="macro" name="....."/>.......<Item menuId="run" name="....."/>.......<Item menuId="Plugins" name="........"/>.......<Item menuId="Window" name="........"/>......</Entries>........ Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="edit-copyToClipboard" name="......

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\turkish.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):100783
                                                                                                                                                                                                                Entropy (8bit):5.440965198575632
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:0W2ZuKPjVtbyJLGPrFWq4jU1Q/reJ0cMh+h+3Oi8UtaycyGCqcWYxl7xpDwieueS:09uK4zeyxfivw5DflupNV9e
                                                                                                                                                                                                                MD5:A047F8CE1F6C110161A062F8EBD4CCA3
                                                                                                                                                                                                                SHA1:35F60A9D81674748C17228578583D657CC3ABEC1
                                                                                                                                                                                                                SHA-256:3298BACF092748F3A8234BD3775F6FD8D886DB8CFC2EB1DA5C56A08A86277FFA
                                                                                                                                                                                                                SHA-512:215C18E5E288BB34BC91A3B85287789FC7318C0BCAE89E8B3B8AD3C22B4C8CB0F7B2EB1D78CDA7D55B75A630697DC4220D233F650DE5985F93E917E27CD037B2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ...eviri notu:..1. L.tfen, XML .evirinizi d.zenlemek i.in XML Tools eklentisini y.kleyin. "Eklentiler -> XML Tools -> Pretty Print - indent only" men.s.deki komutu kullan.n...2. T.m yorumlar a..klama i.indir, .eviri i.in de.il...-->..<NotepadPlus>...<Native-Langue name="Turkish" filename="turkish.xml" version="8.6.3">....<Menu>.....<Main>...... Ana Men. Giri.leri -->......<Entries>.......<Item menuId="file" name="&amp;Dosya"/>.......<Item menuId="edit" name="D.&amp;zen"/>.......<Item menuId="search" name="&amp;Ara"/>.......<Item menuId="view" name="&amp;G.r.n.m"/>.......<Item menuId="encoding" name="&amp;Kodlama"/>.......<Item menuId="language" name="Dille&amp;r"/>.......<Item menuId="settings" name="A&amp;yarlar"/>.......<Item menuId="tools" name="Ar&amp;a.lar"/>.......<Item menuId="macro" name="&amp;Makrolar"/>.......<Item menuId="run" name="&amp;.al..t.r"/>.......<Item menuId="Plugins" name="&amp;Eklentiler"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\ukrainian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):129939
                                                                                                                                                                                                                Entropy (8bit):5.44588003277958
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:kaS3xs5aaij7lJgrVhkyhn8ApSjr3eX2hYKQn6GHxpnJOkjpbe:kaexQyahkyegyZCKQn6GRJJZpbe
                                                                                                                                                                                                                MD5:F6C453E271E7225B1B61D81F517037F0
                                                                                                                                                                                                                SHA1:650EA29975C57F978DE1E8E4B2E03AC4A28D90DB
                                                                                                                                                                                                                SHA-256:A5844D132FBECCD96234AB3807334F8D17D1C62F1DE87197E435CD4444F64876
                                                                                                                                                                                                                SHA-512:65EE01DA1C0DB5EA6665CD9ADF23E34959408EFE0CF4A4BCC6A35684434404D033A0EC3C48B60ACADDB83887D2312940E4626241B4C0F3D5532F42D4794FC6C1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. ..Translation note:..1. Please install XML Tools plugin for formatting your XML translation. Via menu "Plugins -> XML Tools-> Pretty Print - indent only" command...2. All the comments are for explanation, they are not for translation...-->..<NotepadPlus>...<Native-Langue name=".........." filename="ukrainian.xml" version="8.6">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name=".........."/>.......<Item menuId="search" name="....."/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="........."/>.......<Item menuId="language" name="...."/>.......<Item menuId="settings" name="............"/>.......<Item menuId="tools" name="..........."/>.......<Item menuId="macro" name="......"/>.......<Item menuId="run" name="........"/>.......<Item menuId="P

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\urdu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12846
                                                                                                                                                                                                                Entropy (8bit):5.463916984329165
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:Wa+miRi0G6rgAcld5ykW5IKiXCWF4sk7ntn8N9eTwN4+7ds5dOuGzeGLoa+7p0KZ:Warqo5a5QCWFetn8WTXqRJo56K5hpvge
                                                                                                                                                                                                                MD5:8D27A610FBD84B93B3941FE6E2EA5529
                                                                                                                                                                                                                SHA1:2B9F2AF89673A3553CC50E28A3702AF842DBF219
                                                                                                                                                                                                                SHA-256:35F660EFF9025E096AC18860FF81B085F28F652578FF5948D7215EA24C4F554B
                                                                                                                                                                                                                SHA-512:38801CFB3BDDD42A4F60983D3BB638B8788A4625521E96674942D88CE36EA8C6182C1C8A06240D937104E890FA894514901FCD0F66E7E58B3F1808885FE31934
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Urdu" RTL="yes" editZoneRTL="no" filename="urdu.xml" -->...<Native-Langue name="Urdu" RTL="yes" filename="urdu.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;...."/>.......<Item menuId="edit" name="&amp;....."/>.......<Item menuId="search" name="&amp;...."/>.......<Item menuId="view" name="&amp;....."/>.......<Item menuId="encoding" name="&amp;........"/>.......<Item menuId="language" name="&amp;....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\uyghur.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40429
                                                                                                                                                                                                                Entropy (8bit):5.431262484300799
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/fq0i6711pUOy00FzSyGzUCQunLMyLVgPalck4ebzi5cRrdAoYs5e:/fq0iILU7XunL9L5rblYs5e
                                                                                                                                                                                                                MD5:09C4A97888BD74E6CA0C75C45CF1B573
                                                                                                                                                                                                                SHA1:BEAB76D723FA653F4B0F417EC31B2B2FDA33E228
                                                                                                                                                                                                                SHA-256:A1766715C33A14131121BCF5230BF3EADB272A989E695A297AEADC0B58CD28E0
                                                                                                                                                                                                                SHA-512:D27C7476698D087F0BCB174431C48BBC950A3F008B18B139B2ED9443538BFB58C535B085E68A08DD5619502641B078C6668726CB6FE9AD3AD46E519145CD307C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Uyghur(........,China) translation made by: -->.. Yasinjan Ghupur <yasenghupur@sina.com> 21 march 2012,revised: 25 April 2012-->.. If you want to see RTL direction, please rewrite <Native-Langue name="Uyghurche" RTL="yes" filename="uyghur.xml" > -->.. ...... ..... ........ ............. 2-... ..... ........... <Native-Langue name="Uyghurche" RTL="yes" filename="uyghur.xml" >-->..<NotepadPlus>... ...If "RTL" attribute is present and its value is "yes", then user can add "editZoneRTL" attribute beside,...and set the value of the attribute in question to "no", so Notepad++ GUI will be RTL,...but Scintilla zone will be LTR by opening files (see the commented example)....Of course, user can set any direction they want afterward, and what they have set on document will be remembered across the sessions....-->... Native-Langue name="Uyghurche" RTL="yes" editZoneRTL="no"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\uzbek.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (395), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):69688
                                                                                                                                                                                                                Entropy (8bit):5.513050211787308
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:Jm7/tTVfDP/BM7pCCKMY/p9gp+1eAktAPFhLLRe:J+tTVfD3ylJKjB1eAktAPFhBe
                                                                                                                                                                                                                MD5:95768C45F3C37D94A09EE30DA660AF6D
                                                                                                                                                                                                                SHA1:E803366438D6127FBEF56B826C1C00EC7B323EA1
                                                                                                                                                                                                                SHA-256:F77CA0A17D489FA30254A068E94BB40093CCBAEF68519DE7F5EA60CDED5B4A80
                                                                                                                                                                                                                SHA-512:CC6D46C61DF726FA0C2273194E64ADE498850E48F972D7FAEF3BB4A604A711C9E27E8763EFD83EB7FA2BEC45CB8D03A118A35BCEBA25EB52F162A0F0A4287FEE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Uzbek translation made by:..Orzu Samarqandiy <orzu at sourceforge.net>..Abdurashid Muhitdinov <cool_zero at list.ru>..Last update: 2009 July 07..-->.. ..Uzbek (Latin) translation for Notepad++..Updated to v8.1.4:..Updater: Shamsiddinov Zafar..-->..<NotepadPlus>...<Native-Langue name="O.zbekcha" filename="uzbek.xml" version="8.1.4">....<Menu>.....<Main>........<Entries>.......<Item menuId="file" name="&amp;Fayl"/>.......<Item menuId="edit" name="&amp;Tahrirlamoq"/>.......<Item menuId="search" name="&amp;Qidirmoq"/>.......<Item menuId="view" name="&amp;Ko.rinish"/>.......<Item menuId="encoding" name="&amp;Kodlashlar"/>.......<Item menuId="language" name="&amp;Sintaksislar"/>.......<Item menuId="settings" name="&amp;Tanlovlar"/>.......<Item menuId="tools" name="Qo.shimchalar"/>.......<Item menuId="macro" name="&amp;Makroslar"/>.......<Item menuId="run" name="&amp;Ishga tushirmoq"/>.......<Item menuId="Plugins" name="&amp;Ilovalar"/>....

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\uzbekCyrillic.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):30045
                                                                                                                                                                                                                Entropy (8bit):5.258674863524996
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Gj+khlxyQ6ah8bQU4A0pJbYEcFCXbDoXienaPUe:GxhqQT8bQG0FcFCLDoX7yUe
                                                                                                                                                                                                                MD5:F226A7BB9982EB764F20ACB02B084130
                                                                                                                                                                                                                SHA1:3030A16F9125D53FE4387B5A284ADAE328E92AAC
                                                                                                                                                                                                                SHA-256:837EE8F2497C3E62CC008C297BFE7A8B8A6AE7D9263C40282ED23E0F7088A0C7
                                                                                                                                                                                                                SHA-512:9FD15CB3282F33F51AD4AA82E0A7092D6854BDF0B1AAC782C4504518C24EE0B20335FC7586BEA8EE23B5D9F1F43ED6419E0B65C054D44BED96711DB1ACE6722C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. Uzbek translation made by: -->.. Orzu Samarqandiy <orzu at sourceforge.net> -->.. Abdurashid Muhitdinov <cool_zero at list.ru> -->.. Last update: 2009 July 07 -->..<NotepadPlus>...<Native-Langue name="......." filename="uzbekCyrillic.xml">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="...."/>.......<Item menuId="edit" name="........."/>.......<Item menuId="search" name="......."/>.......<Item menuId="view" name="......."/>.......<Item menuId="encoding" name="............"/>.......<Item menuId="language" name="........."/>.......<Item menuId="settings" name="........."/>.......<Item menuId="macro" name="........."/>.......<Item menuId="run" name=".... ......."/>.......<Item menuId="Plugins" name=".........."/>.......<Item menuId="Window" name="......."/>......</Entries>........

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\venetian.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (370), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):86190
                                                                                                                                                                                                                Entropy (8bit):5.2623585925680025
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:XuLMUbwO8l/A+2RfSHo+2iT4lkv3V2xrQW9ow1UY1gyErLFwCq4BM7ujCvSDe3pb:eL7+2R6HzdKmW9iLikM7ICvSgpoe
                                                                                                                                                                                                                MD5:ABA30DFF26A49F54D534D7E854C96730
                                                                                                                                                                                                                SHA1:D252EBDB98FC2878FE721D464F0BA550FCDB67F6
                                                                                                                                                                                                                SHA-256:3C545FC9BCC33083FA50C7A8CDFFD8FC9CE6A722F280C1ED7E2326756BCC3687
                                                                                                                                                                                                                SHA-512:335B8CE67BC2E1FE95AA0A6EB81F4264FE135B9A7F63D061FFB9CF1E0B14D4A5540661E5179C7005F0510307D10C9434DF1AA7085E04C09A3B716B39DD0A3A6B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. .. Venetian translation for Notepad++.. Last modified Mon, January 10th, 2022... Translators: 2019-xxxx, Matteo Concato (Conky77).. For updates, see https://github.com/notepad-plus-plus/notepad-plus-plus/tree/master/PowerEditor/installer/nativeLang.. The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="V.neto" filename="venetian.xml" version="8.2.1">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;File"/>.......<Item menuId="edit" name="&amp;Mod.fega"/>.......<Item menuId="search" name="&amp;Ruma"/>.......<Item menuId="view" name="&amp;Vixua.ixa"/>.......<Item menuId="encoding" name="Forma&amp;to"/>.......<Item menuId="language" name=".en&amp;guagio"/>.......<Item menuId="settings" name="C&amp;onfigurasion"/>.......<Item menuId="tools" name="&amp;Angagni"/>.......<Item menuId="macro" name="Mac&amp;ro"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\vietnamese.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):99588
                                                                                                                                                                                                                Entropy (8bit):5.64901512867731
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:WL5Fbc9O5lBpX5tgaNvXPVdVsQDaKLWiBoi5pEf:WDXPV4MZLVBz3i
                                                                                                                                                                                                                MD5:10CD7529620BE6E4D85781DF8DC2ED2F
                                                                                                                                                                                                                SHA1:14BD5B81636909B598FA95F300D8AFA61BA9CAD5
                                                                                                                                                                                                                SHA-256:FE415E48917E0E97990668AA68FB5AAD70CA768876A6E5D8AFC99AB5A3172395
                                                                                                                                                                                                                SHA-512:965A33DE1A0E0B8DDB0B1A10F9BE1E74840C35E3CA3CDDAC338E37AE68D75D6968993A38B6B9339AF6813D5F8681AB0889641036F3235CFCC8691989FCB4649A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..The comments are here for explanation, it's not necessary to translate them...-->..<NotepadPlus>...<Native-Langue name="Ti.ng Vi.t" filename="vietnamese.xml" version="8.4.7">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;T.p"/>.......<Item menuId="edit" name="&amp;S.a"/>.......<Item menuId="search" name="T.&amp;m"/>.......<Item menuId="view" name="&amp;Xem"/>.......<Item menuId="encoding" name="&amp;Bi.n m."/>.......<Item menuId="language" name="&amp;Ng.n ng."/>.......<Item menuId="settings" name="T&amp;hi.t ..t"/>.......<Item menuId="tools" name="C.n&amp;g c."/>.......<Item menuId="macro" name="&amp;V. l.nh"/>.......<Item menuId="run" name="Ch.&amp;y"/>.......<Item menuId="Plugins" name="T&amp;r.nh c.m"/>.......<Item menuId="Window" name="C.&amp;a s."/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-op

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\welsh.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41895
                                                                                                                                                                                                                Entropy (8bit):5.134394785096586
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:ExDy72Vqy/JP2/CiS5IDw+W4C0VgFLW+s2O1BUte:ExD6NHK5IDw+Wt5LCVAe
                                                                                                                                                                                                                MD5:D3E0323D49BB4547B4C2EFFCBCD2D5AB
                                                                                                                                                                                                                SHA1:C6554AF27FBF1B21B30D42AED54EA44F6FE1A080
                                                                                                                                                                                                                SHA-256:86747FFBEEBAEECF75EF270017CC90E4B8471E116970B53E999CF621D7B82869
                                                                                                                                                                                                                SHA-512:1FB132D23AC6D64F9648F7BB00B7FA7F081F3F24DEC40EA19E7975C2E28451CC58987FAFA318A99F2994F5C1569C50477CE842AAE5EA2DB0E8800DC6F8EE071A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..Cyfieithiad | Translation..19.12.2014..gan/by Aled Powell..-->..<NotepadPlus>...<Native-Langue name="Cymraeg" filename="welsh.xml" version="6.6.8">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;Ffeil"/>.......<Item menuId="edit" name="Golygu (&amp;E)"/>.......<Item menuId="search" name="Chwilio (&amp;S)"/>.......<Item menuId="view" name="Golwg (&amp;V)"/>.......<Item menuId="encoding" name="Amgodiad (&amp;N)"/>.......<Item menuId="language" name="Iaith (&amp;L)"/>.......<Item menuId="settings" name="Gosodiadau (&amp;T)"/>.......<Item menuId="macro" name="Macro"/>.......<Item menuId="run" name="Rhedeg"/>.......<Item menuId="Plugins" name="Ategolion"/>.......<Item menuId="Window" name="Ffenestr"/>......</Entries>...... Sub Menu Entries -->......<SubEntries>.......<Item subMenuId="file-openFolder" name="Agor Ffolder Lleoliad"/>.......<Item subMenuId="file-closeMore" name="Cau Mwy"

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\zulu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (314), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):63038
                                                                                                                                                                                                                Entropy (8bit):5.236503274195142
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:B0tQvNqocDMH33BEr6bckvC9WgvTeeyY4Wtv7ltBiLHjiN1L:BqQlqocgHRbDvC9WgvThhtODiN1L
                                                                                                                                                                                                                MD5:CFF25DEB9B9FCD120B4EFA7EBFFA979B
                                                                                                                                                                                                                SHA1:5233EA1689DC6B360D4243202E76942902BEFCCF
                                                                                                                                                                                                                SHA-256:613FE54A466082A1267DEC9014B0D1E582B5BF3507B6A04403D273FC81482E35
                                                                                                                                                                                                                SHA-512:1C100CF7C3F709E14C7FF55626BC8DEFD5A4C520037A929A6966608C2C1226D59FA10A2A6A06BFC421833E6F8C54B257DABE5E141B9FD4D33CC60E8CCABD24A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>.. ..***********************************************************************************...zulu language binary translations file for Notepad++ ::...Created By:- Roshan K. Rathod...Email id- rathodroshan0137@gmail.com,rkinfoteh28@gmail.com..************************************************************************************.....-->..<NotepadPlus>...<Native-Langue name="zulu" filename="zulu.xml" version="7.6.2">....<Menu>.....<Main>...... Main Menu Entries -->......<Entries>.......<Item menuId="file" name="&amp;ifayela"/>.......<Item menuId="edit" name="&amp;hlela"/>.......<Item menuId="search" name="&amp;sesha"/>.......<Item menuId="view" name="&amp;buka"/>.......<Item menuId="encoding" name="E&amp;ukufaka ikhodi"/>.......<Item menuId="language" name="&amp;ulimi"/>.......<Item menuId="settings" name="Se&amp;izilungiselelo"/>.......<Item menuId="tools" name="To&amp;amathuluzi"/>.......<Item menuId="macro" name="&amp;Macro"/>.......<Item menu

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nsDialogs.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9728
                                                                                                                                                                                                                Entropy (8bit):5.158585441954107
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
                                                                                                                                                                                                                MD5:1D8F01A83DDD259BC339902C1D33C8F1
                                                                                                                                                                                                                SHA1:9F7806AF462C94C39E2EC6CC9C7AD05C44EBA04E
                                                                                                                                                                                                                SHA-256:4B7D17DA290F41EBE244827CC295CE7E580DA2F7E9F7CC3EFC1ABC6898E3C9ED
                                                                                                                                                                                                                SHA-512:28BF647374B4B500A0F3DBCED70C2B256F93940E2B39160512E6E486AC31D1D90945ACECEF578F61B0A501F27C7106B6FFC3DEAB2EC3BFB3D9AF24C9449A1567
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L...Q.d...........!.........0......g........0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..~............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nswCBA3.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24146364
                                                                                                                                                                                                                Entropy (8bit):6.548378733739004
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:196608:cVNmuK5Oit12LPYX2RRuVgEx5t4dtPFPCa51C/KP/watd:cfK5O2XnVvxHoP4YMiztd
                                                                                                                                                                                                                MD5:7E61396EB3D9AEFC36E2D6FABFB64399
                                                                                                                                                                                                                SHA1:DE6CDB1922C662B560982BE0E4B03B30BD333294
                                                                                                                                                                                                                SHA-256:00B99FD55F80BF72740FB188436CA907321A49F3EF8A03E2BD8B9718DC8FF892
                                                                                                                                                                                                                SHA-512:45BC7C05DBE0ED689928A48A975DDE1BF839E52B3A05E2DF0CA3E08301D96A099398DE8306F0BD2036C4C364560D87E6625A5824A0EDC23DDFEC991C044A9C68
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........,.......,.......4n...,...T..........:...............................C...........................j............,..................z,..............J...................................................................................................................................6...9............C..................................................................f...............................................................g...............................................................h...............&.......................................................[.......................................................j.......'...,...........................................................................................................................:...............................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\temDE2B.tmp (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):380760
                                                                                                                                                                                                                Entropy (8bit):6.299969036175826
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:LCBAY0J+lPcB+hb5TnehFpKTA9vrrLimev:+6Y0J+lEB+htUFpK8c
                                                                                                                                                                                                                MD5:6E60B8D52EF7BF93DEA8E891C55BCD45
                                                                                                                                                                                                                SHA1:16D52CA5198E94AEFF04EF35FB3293F503379BB4
                                                                                                                                                                                                                SHA-256:26BD83C6F40D457ACCEB9857891D3F04A981C2C3A572B206F7774B4E4CA64C16
                                                                                                                                                                                                                SHA-512:0296D5C8B37214831D5A5187DB58F2ECFD1AE44062CA4405C627D88184F96A4457D0D35859BFB394F6B552ADB494D5134258FE68DA925E919FDEBD5DC9940AB6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l..a...a...a......a.....Fa..4....a..4....a..4...a......a......a......a...a..Ba.......a.......a.......a...a...a.......a..Rich.a..........PE..d...Y..f.........." ...(.....(.......v....................................................`......................................... !.......!..........(........2......X)..............p...............................@............................................text...,........................... ..`.rdata..2...........................@..@.data...DN...@...2... ..............@....pdata...2.......4...R..............@..@.rsrc...(...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\config.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (810), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8140
                                                                                                                                                                                                                Entropy (8bit):5.094754069700043
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:ejd3ueX5jJDQI7TugHZDKh6YUrrqCDAln:s5ueXNiI7KlLYrqbn
                                                                                                                                                                                                                MD5:D35F2B35FBD770A55944389B44F1A586
                                                                                                                                                                                                                SHA1:72A54D8C26D40DC5493D9F54C9F627303B223E02
                                                                                                                                                                                                                SHA-256:BC433ECF02EA647B2C622F75133AB931E6CD1FB6E9310B333B66178AA260145B
                                                                                                                                                                                                                SHA-512:B8E1575C8A00F67717F037ABA42EA3458D0F9523C8CF26D73CA7E9ADBF94729E7EEBE6B5BE6FF6CB20F6838F482F45A5EFC8F970BB38C1E806842AD6698CE520
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <ProjectPanels>.. <ProjectPanel id="0" workSpaceFile="" />.. <ProjectPanel id="1" workSpaceFile="" />.. <ProjectPanel id="2" workSpaceFile="" />.. </ProjectPanels>.. <ColumnEditor choice="number">.. <text content="" />.. <number initial="-1" increase="-1" repeat="-1" formatChoice="dec" leadingChoice="none" />.. </ColumnEditor>.. <GUIConfigs>.. <GUIConfig name="ToolBar" visible="yes">standard</GUIConfig>.. <GUIConfig name="StatusBar">show</GUIConfig>.. <GUIConfig name="TabBar" dragAndDrop="yes" drawTopBar="yes" drawInactiveTab="yes" reduce="yes" closeButton="yes" doubleClick2Close="no" vertical="no" multiLine="no" hide="no" quitOnEmpty="no" iconSetNumber="0" />.. <GUIConfig name="ScintillaViewsSplitter">vertical</GUIConfig>.. <GUIConfig name="UserDefineDlg" position="undocked">hide</GUIConfig>.. <GUIConfig name="TabSetting" replaceBySpace="

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\contextMenu.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4928
                                                                                                                                                                                                                Entropy (8bit):4.9510176791704135
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:NG9IVG03Fs6+f/q+f/V+f/f+f//+f//+f/t+f/hVxSVJFYD6Fsg66P6618hIWH6U:ZM03Fs6+f/q+f/V+f/f+f//+f//+f/tu
                                                                                                                                                                                                                MD5:FDE4CC09D1C18C6CD7C1A4878E89D27E
                                                                                                                                                                                                                SHA1:22FBA21B254FED1A60DA5DE2B8AF3CF6E132B647
                                                                                                                                                                                                                SHA-256:43AC0B7BA9B1F91FD8D4841B8119344E6212B307A1DECCCF61658F31D38BB425
                                                                                                                                                                                                                SHA-512:FCC87B93CB4DD0949E82EDB7D2788D7ABD317F9F4C5F046CEBA1CD85A64B12B29C6BABA3E8646265DB02A48A2DC20C3B5E893A1334D9B1E91D26692B4E9C2D29
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..By modifying this file, you can customize your context menu popuped as right clicking on the edit zone...It may be more convinient to access to your frequent used commands via context menu than via the top menu.....Please check "How to Customize the Context Menu" on:..https://npp-user-manual.org/docs/config-files/#the-context-menu-contextmenu-xml..-->..<NotepadPlus>.. <ScintillaContextMenu>.... ....Use MenuEntryName and MenuItemName to localize your commands to add. ....The values should be in English but not in translated language.....(You can set Notepad++ language back to English from Preferences dialog via menu "Settings->Preferences...")....-->.. <Item MenuEntryName="Edit" MenuItemName="Cut"/>.. <Item MenuEntryName="Edit" MenuItemName="Copy"/>.. <Item MenuEntryName="Edit" MenuItemName="Paste"/>.. <Item MenuEntryName="Edit" MenuItemName="Delete"/>.. <Item MenuEntryName="Edit" MenuItemName="Sele

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\langs.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (5630), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):471251
                                                                                                                                                                                                                Entropy (8bit):4.7737402530211055
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:1s2snqjJH2/C8cB9mxTlrPKHm1CrJD8Um6Kuk0ZNAOXx/xRNbcVzNKTegPU90Dp7:22sUVmXPKHni6K10ZNAOX1/FimA4zDpD
                                                                                                                                                                                                                MD5:6DC18E98260A6D648C591200F14C9BF6
                                                                                                                                                                                                                SHA1:C5D3343D3F91DBFE4DB4ABFE8CA762104B32B995
                                                                                                                                                                                                                SHA-256:E3C7749A2CAF5ED7D5AD3EE5B6E341D1DCD5CBFFE56D2AC9C910EE4BF7E8814E
                                                                                                                                                                                                                SHA-512:6C0FA09B4712F6AA2397927A7261A7C06FAD4D528D8BE1ACA94BDB065614B83D070E91B484C1133BB9DE9180A2F48724D5108C7E43DA0AA65917CD7E543B66DB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. The key words of the supported languages, don't touch them! -->.. <Languages>.. <Language name="normal" ext="txt"/>.. <Language name="actionscript" ext="as mx" commentLine="//" commentStart="/*" commentEnd="*/">.. <Keywords name="instre1">add for lt tellTarget and function ne this break ge new typeof continue gt not var delete if on void do ifFrameLoaded onClipEvent while else in or with eq le return instanceof case default switch</Keywords>.. <Keywords name="type1">arguments constructor class dynamic false extends implements import interface intrinsic newline null private public super static true undefined Accessibility Arguments Array Boolean Button Camera ContextMenu ContextMenuItem CustomActions Color Date Error Function Key LoadVars LocalConnection Math Microphone Mouse MovieClip MovieClipLoader NetConnection NetStream Number PrintJob Object TextField StyleSheet TextFormat TextSna

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\plugins\config\converter.ini

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):646
                                                                                                                                                                                                                Entropy (8bit):4.682505027956032
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:SQ9mf8F8KbHrsJWAtMzFrHHriMzdwQpFaHrQBFDZtM+6djUY:SQd80LsgHrHLSQXaLQB/1Y
                                                                                                                                                                                                                MD5:F07150054A6AFFF4D8E9D58899167722
                                                                                                                                                                                                                SHA1:E092CD960AB728667D91B37D64A02D7F6821518B
                                                                                                                                                                                                                SHA-256:5B0A08439E8E93817772F84E1098F14152D9DA36C2601A0600DDAAE6F61359D0
                                                                                                                                                                                                                SHA-512:8C86AA4C058A8AB5FD26F21CACC8DDAFFA8CE6012BB329D3C5B817DA00B4B43018A575C768D1921C6EEAB7537F172C7CB3DE658B014365EA52FB3C87547182B9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:; This section contains the parameters for command ASCII -> Hex..; If you modify directly this file, please restart your Notepad++ to take effect...; * insertSpace: this parameter allows you to insert a white space between the generated hex codes. Set the value to 1 to enable it, 0 otherwise...; * uppercase: this parameter allows you to make a-f in UPPERCASE (ie. A-F). Set the value to 1 to enable it , 0 otherwise...; * nbCharPerLine: this parameter allows you to break line. The value you set is the number of ascii character per line. Set the value from 0 to whatever you want...[ascii2Hex]..insertSpace=0..uppercase=1..nbCharPerLine=16....

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\session.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (580), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):794
                                                                                                                                                                                                                Entropy (8bit):5.156344068849954
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TMHdYFhq/dG0/GpYZ4uDklTcuIYM7lixWKn6WqYSwMEDAoV5vfPuSjNhSxJR:2d/Gnkke9TKEYSwXUovfPBw
                                                                                                                                                                                                                MD5:11ED485C7A5A047E5B0F5DC586C0E5A6
                                                                                                                                                                                                                SHA1:8A61C467C78029BAD442379FE97CCFF927EF9909
                                                                                                                                                                                                                SHA-256:3CDB5CC92E68F76EDA3189D10F60D573892BFD9F90DA6D1009034551861F3D66
                                                                                                                                                                                                                SHA-512:7AD35E48A48CE08BE419F0F7E101B3AD92DA0988278DB51AD72F164002DF351514DD6DD3B7C3040D62CC619AF9A4573100B4998D8345432524F6E1062A6173B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <Session activeView="0">.. <mainView activeIndex="0">.. <File firstVisibleLine="0" xOffset="0" scrollWidth="623" startPos="0" endPos="0" selMode="0" offset="0" wrapCount="1" lang="None (Normal Text)" encoding="-1" userReadOnly="no" filename="C:\Program Files\Notepad++\change.log" backupFilePath="" originalFileLastModifTimestamp="-532900608" originalFileLastModifTimestampHigh="31106197" tabColourId="-1" RTL="no" mapFirstVisibleDisplayLine="-1" mapFirstVisibleDocLine="-1" mapLastVisibleDocLine="-1" mapNbLine="-1" mapHigherPos="-1" mapWidth="-1" mapHeight="-1" mapKByteInDoc="512" mapWrapIndentMode="-1" mapIsWrap="no" />.. </mainView>.. <subView activeIndex="0" />.. </Session>..</NotepadPlus>..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\shortcuts.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3156
                                                                                                                                                                                                                Entropy (8bit):4.94472250118282
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:moSQ9lw5lA52S3PNfN01BkdtZaboMk8tZabxi:/+SkXkxi
                                                                                                                                                                                                                MD5:FB573784B83033DD4361F52006D02CB8
                                                                                                                                                                                                                SHA1:0A2923A44EC1BD5E7E8BC7CACE15857AE03BF63C
                                                                                                                                                                                                                SHA-256:37A24662CD55B627807BC2BB7CBBA5BBF2ABAF6DA4DD7BBB949BFAA7903EAE9C
                                                                                                                                                                                                                SHA-512:753B44B5E8BEA858CF5CC5DDFDC38098A2F3F921949CF98706EAD95BDFA1DE7AB0C115E9D69237623A03C422969480204C69D3BA277141527458C68230D0C67C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <InternalCommands />.... .. You can organize you Macro menu & Run menu by adding the attribute 'FolderName="My sub-menu name"' to any Macro or Command node... This will place the corresponding node within a "My sub-menu name" sub-menu in the appropriate menu. Please consider the following examples:.. -->.. <Macros>.. .. <Macro name="aa" Ctrl="no" Alt="no" Shift="no" Key="0">.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="A" />.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="A" />.. </Macro>.. <Macro name="az" Ctrl="no" Alt="no" Shift="no" Key="0" FolderName="words">.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="a" />.. <Action type="1" message="2170" wParam="0" lParam="0" sParam="z" />.. </Macro>.. <Macro name="qw" Ctrl="no" Alt="no" Shift="no" Key="0" FolderName="w

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\stylers.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):195033
                                                                                                                                                                                                                Entropy (8bit):4.8221021768101044
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:NMQLr9R89BJQ0gYMm7/yFUCpMcTyhoBeVA/foezo1elLcRXlz5OhMZeN79XE:NMA0BJfYpMcTWXA/fVo1elgRXUMgNe
                                                                                                                                                                                                                MD5:9FF5FB88C47AC8E7C99F9F340F2D909A
                                                                                                                                                                                                                SHA1:5C4ABD414ED87FC4F16EB9F9B39C690F3CD1CA22
                                                                                                                                                                                                                SHA-256:070A560ECD7AB3F787BD7674BDDE50AA906E895553F07BEB74FD140B193627FB
                                                                                                                                                                                                                SHA-512:8C1AF565B19803EE665147EE7D5DAB420F591E2FABA8D7F6DB95E9E9B911BDF9586FCA20851F04152FE4F7C98B354E3E16F84140DCAB9AAC22E0B2233C4CF4FC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>..<NotepadPlus>.. <LexerStyles>.. <LexerType name="actionscript" desc="ActionScript" ext="">.. <WordsStyle name="DEFAULT" styleID="11" fgColor="000000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="FUNCTION" styleID="20" fgColor="95004A" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="type2" />.. <WordsStyle name="PREPROCESSOR" styleID="9" fgColor="804000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />.. <WordsStyle name="INSTRUCTION WORD" styleID="5" fgColor="0000FF" bgColor="FFFFFF" fontName="" fontStyle="1" fontSize="" keywordClass="instre1" />.. <WordsStyle name="TYPE WORD" styleID="16" fgColor="8000FF" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" keywordClass="type1" />.. <WordsStyle name="NUMBER" styleID="4" fgColor="FF8000" bgColor="FFFFFF" fontName="" fontStyle="0" fontSize="" />..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\tabContextMenu_example.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6849
                                                                                                                                                                                                                Entropy (8bit):4.90171473203624
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:WD3FsQ+hPKhLKhCKhNKhF+hH+hxhMh/hFhT+ho+hy+h8+h8+f/r+f/0f/pf/4f/w:WD3FAhyhmh5hghUhehxhMh/hFhCh1hfz
                                                                                                                                                                                                                MD5:D66B945D7B04CB9231ACCBDA32900F22
                                                                                                                                                                                                                SHA1:337EE7D17D31E1FCFFF8DB3AC516CE85D5FD92A5
                                                                                                                                                                                                                SHA-256:C827668180799DD17676B6006122C8BA39FA1718C9448FDE38280D66C9601ACF
                                                                                                                                                                                                                SHA-512:62C50920B435098D35EBC8952EB4521802CF23A8AABAEDA639FC68B248D41196A04C1F10E36EFFC265715092893279BC2CD41629DC53A23FFAC9EBF9EEAF1415
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>.. ..By modifying this file and renaming it to "tabContextMenu.xml", you can customize your context menu popuped while right clicking on the tab zone...It may be more convenient to access to your frequent used commands via the context menu than via the top menu.....Please check "How to Customize the Context Menu" on:..https://npp-user-manual.org/docs/config-files/#the-context-menu-tabcontextmenu-xml..-->..<NotepadPlus>...<TabContextMenu>.... ....Use MenuEntryName and MenuItemName to localize your commands to add. ....The values should be in English but not in translated language.....(You can set Notepad++ language back to English from Preferences dialog via menu "Settings->Preferences...")....-->....<Item MenuEntryName="File" MenuItemName="Close"/>...... ....Use FolderName (optional) to create sub-menu. FolderName value can be in any language (French, Japanese...).....-->....<Item FolderName="Close Multiple Tabs" MenuEntryName="File" Men

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\toolbarIcons.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2607
                                                                                                                                                                                                                Entropy (8bit):4.825669495198272
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:c/KaKcGb2af5e153cK4NVrpuGXXQZ4lAqyXCzH+9CPZ36RfXoL4C:kKLbfE153cJDrpuSbRuvEf
                                                                                                                                                                                                                MD5:BC4B775A277672FC7EDF956120576ECB
                                                                                                                                                                                                                SHA1:FE7C2DB5B4D4C5A3F5603CF56C4D71CC9EE2D71D
                                                                                                                                                                                                                SHA-256:4EC98DE37193F41242C1A47507BCC4C1AF555E71154F7354272BC3E664E19877
                                                                                                                                                                                                                SHA-512:F87DC3CE52831EE308FBFA2B1B94C07E2811E7028360F046E012F8EA5A8F0EBCD362DE7A663DEE810C3DA0791474C1485B1A2626C7867E76236156B125FF39B2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" ?>... ...This file is for customizing your toolbar icons.......To override the current toolbar icons, you need 2 things: this file and your icons set....Here are the instructions to customize your toolbar icons:......1. Put this file ("toolbarIcons.xml") in the same folder as "config.xml" file (Note 1)....2. Create a new folder "toolbarIcons" in the folder where you put "toolbarIcons.xml" file....3. Edit this file ("toolbarIcons.xml"): put the icon set name you want in "icoFolderName" attribute (Note 2).... For example: <ToolBarIcons icoFolderName="myAwesomeIcons" />...4. Go into "toolbarIcons" folder and create a new folder with the exact name of the icon set name you provided in "icoFolderName"....5. Put all your customized icons into "[toolbarIcons.xml's folder]\toolbarIcons\myAwesomeIcons\"....6. Now it's the magic moment: Relaunch Notepad++ and you'll see your icon set instead of the default icons.......Note:...1. If you find the file "doL

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled.udl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6406
                                                                                                                                                                                                                Entropy (8bit):5.082344700597721
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:S1VhOpiLM1eMDZ+JNejAUeQVFgDeQeleneReiA+5AmAiAC4UeieoeoevegAT2:SHhOpiLM1eMr1DPXyV
                                                                                                                                                                                                                MD5:672E6D5F89887666EC94711E442644E0
                                                                                                                                                                                                                SHA1:8D069AE93347316EFF0DCF7AFF4D22DA18A62AF2
                                                                                                                                                                                                                SHA-256:B34FE6811DACFE49D77D434123867E866DAF6E0E27387A0446887DABE8943F04
                                                                                                                                                                                                                SHA-512:8FC5E9BBE027826304FA6F329FB16E4C9E4E7A597D87E9C691ED6A9F505B7BC1967339B43C6426105432A030260B0654468AB8FCBB4312B2FB6ED6C6AA537EDC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview: //..Markdown-plus-plus is a project to support Markdown syntax in Notepad++...All UDLs are carefully designed by human, rather than generated by machine.....Want an UDL for different theme?..Want to change its preference?..Want to create your own?..Go get it: https://github.com/Edditoria/markdown-plus-plus....Please read the README file for details...Welcome issues and pull requests via the above link.....Copyright (c) Edditoria. Open source under the MIT license:..https://github.com/Edditoria/markdown-plus-plus/blob/master/LICENSE.txt..//-->..<NotepadPlus>.. <UserLang name="Markdown (preinstalled)" ext="md markdown" udlVersion="2.1">.. <Settings>.. <Global caseIgnored="yes" allowFoldOfComments="no" foldCompact="no" forcePureLC="2" decimalSeparator="0" />.. <Prefix Keywords1="yes" Keywords2="yes" Keywords3="yes" Keywords4="yes" Keywords5="yes" Keywords6="yes" Keywords7="yes" Keywords8="no" />.. </Settings>.. <KeywordLists>..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled_DM.udl.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6439
                                                                                                                                                                                                                Entropy (8bit):5.114879076230785
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:H6hOpiLM1eMDr+JNeScx0cWcHclcGcBcCcfcFcbcRcCccclcRcOcicmcYcqcqcdu:ahOpiLM1eMwI0JUGVKdo+YWV3K6JVBTn
                                                                                                                                                                                                                MD5:3690CEF1865E32FE6BE1B2EC7656539A
                                                                                                                                                                                                                SHA1:BC043BEC63C310A60D9E242810036460C467945D
                                                                                                                                                                                                                SHA-256:E45E49F0895249D951DF2C07E0F06CA1242E05C961DD921E5AA2781AE2E7FF25
                                                                                                                                                                                                                SHA-512:C2BE869D96BAEC2018E13DCF5934DD9CF74146541E852CC2EEDB4D83A8AF23E2577CDE7A0158FEFAA11056416FF039DF3A7725E320620193E9BFE72C8067C051
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview: //..Markdown-plus-plus is a project to support Markdown syntax in Notepad++...All UDLs are carefully designed by human, rather than generated by machine...Want an UDL for different theme?..Want to change its preference?..Want to create your own?..Go get it: https://github.com/Edditoria/markdown-plus-plus..Please read the README file for details...Welcome issues and pull requests via the above link...Copyright (c) Edditoria. Open source under the MIT license:..https://github.com/Edditoria/markdown-plus-plus/blob/master/LICENSE.txt..//-->..<NotepadPlus>.. <UserLang name="Markdown (preinstalled dark mode)" ext="md markdown" darkModeTheme="yes" udlVersion="2.1">.. <Settings>.. <Global caseIgnored="yes" allowFoldOfComments="no" foldCompact="no" forcePureLC="2" decimalSeparator="0" />.. <Prefix Keywords1="yes" Keywords2="yes" Keywords3="yes" Keywords4="yes" Keywords5="yes" Keywords6="yes" Keywords7="yes" Keywords8="no" />.. </Settings>.. <Key

                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                Entropy (8bit):7.982054652132125
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                File name:npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                File size:4'854'296 bytes
                                                                                                                                                                                                                MD5:d401161afb56b8647202e031cec1ae78
                                                                                                                                                                                                                SHA1:6eb7ed61ccdb0bd5018271a3ec24b63b913fc281
                                                                                                                                                                                                                SHA256:81470eb5917705fa0df03181b8112422671842bdcec5252a7894975b38058c91
                                                                                                                                                                                                                SHA512:01df1134b9f4d6bb44a8f23a9ba8191dbfb20ed1eb5f249331000955f6b340b1e3e3a6c0e237456a39a712f77d90fe85fc4b946832c88fe4617e45daea9c966b
                                                                                                                                                                                                                SSDEEP:98304:YtvLd2AV2+xDkRCH60uSzAUc8/hx2y5ho31X9pf86Mxxik5WVzZpZvO:YtBTZFET0Jcq2Kho31Xf06MzvAF/ZG
                                                                                                                                                                                                                TLSH:8B2633492759CC34C96107312A7B9229C177FBA92B5E424B37F13ABB7D32302BC95AC5
                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L...g..d.................h...".....

                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                Icon Hash:5e6b791b35279670

                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Entrypoint:0x403645
                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                Time Stamp:0x64A0DC67 [Sun Jul 2 02:09:43 2023 UTC]
                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                Import Hash:9dda1a1d1f8a1d13ae0297b47046b26e

                                                                                                                                                                                                                Authenticode Signature

                                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                Error Number:0
                                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                                • 13/05/2022 01:00:00 15/05/2025 00:59:59
                                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                                • CN="Notepad++", O="Notepad++", L=Saint Cloud, S=Ile-de-France, C=FR
                                                                                                                                                                                                                Version:3
                                                                                                                                                                                                                Thumbprint MD5:15E2254C8FC88D4A538BA4FB09C0019E
                                                                                                                                                                                                                Thumbprint SHA-1:A731D48CD8E2A99BB91F7C096F40CEDF3A468BA6
                                                                                                                                                                                                                Thumbprint SHA-256:866B46DC0876C0B9C85AFE6569E49352A021C255C8E7680DF6AC1FDBAD677033
                                                                                                                                                                                                                Serial:03AA6492DE9D96A90A4BCA97BEADB44A

                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                sub esp, 000003F8h
                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                push edi
                                                                                                                                                                                                                push 00000020h
                                                                                                                                                                                                                pop edi
                                                                                                                                                                                                                xor ebp, ebp
                                                                                                                                                                                                                push 00008001h
                                                                                                                                                                                                                mov dword ptr [esp+20h], ebp
                                                                                                                                                                                                                mov dword ptr [esp+18h], 0040A230h
                                                                                                                                                                                                                mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                call dword ptr [004080A0h]
                                                                                                                                                                                                                mov esi, dword ptr [004080A4h]
                                                                                                                                                                                                                lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                mov dword ptr [esp+4Ch], ebp
                                                                                                                                                                                                                mov dword ptr [esp+0000014Ch], ebp
                                                                                                                                                                                                                mov dword ptr [esp+00000150h], ebp
                                                                                                                                                                                                                mov dword ptr [esp+38h], 0000011Ch
                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                jne 00007EFD0D0208DAh
                                                                                                                                                                                                                lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                mov dword ptr [esp+34h], 00000114h
                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                mov ax, word ptr [esp+48h]
                                                                                                                                                                                                                mov ecx, dword ptr [esp+62h]
                                                                                                                                                                                                                sub ax, 00000053h
                                                                                                                                                                                                                add ecx, FFFFFFD0h
                                                                                                                                                                                                                neg ax
                                                                                                                                                                                                                sbb eax, eax
                                                                                                                                                                                                                mov byte ptr [esp+0000014Eh], 00000004h
                                                                                                                                                                                                                not eax
                                                                                                                                                                                                                and eax, ecx
                                                                                                                                                                                                                mov word ptr [esp+00000148h], ax
                                                                                                                                                                                                                cmp dword ptr [esp+38h], 0Ah
                                                                                                                                                                                                                jnc 00007EFD0D0208A8h
                                                                                                                                                                                                                and word ptr [esp+42h], 0000h
                                                                                                                                                                                                                mov eax, dword ptr [esp+40h]
                                                                                                                                                                                                                movzx ecx, byte ptr [esp+3Ch]
                                                                                                                                                                                                                mov dword ptr [00429B18h], eax
                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                mov ah, byte ptr [esp+38h]
                                                                                                                                                                                                                movzx eax, ax
                                                                                                                                                                                                                or eax, ecx
                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                mov ch, byte ptr [esp+00000148h]
                                                                                                                                                                                                                movzx ecx, cx
                                                                                                                                                                                                                shl eax, 10h
                                                                                                                                                                                                                or eax, ecx
                                                                                                                                                                                                                movzx ecx, byte ptr [esp+0000004Eh]

                                                                                                                                                                                                                Rich Headers

                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x84fc0xa0.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x450000x261e0.rsrc
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x49e8c00x2958
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x80000x2a8.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                .text0x10000x66b70x6800e65344ac983813901119e185754ec24eFalse0.6607196514423077data6.4378696011937135IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .rdata0x80000x13580x1400bd82d08a08da8783923a22b467699302False0.4431640625data5.103358601944578IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .data0xa0000x1fb780x600caa377d001cfc3215a3edff6d7702132False0.5091145833333334data4.126209888385862IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                .ndata0x2a0000x1b0000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                .rsrc0x450000x261e00x262003499fbd59cbe40503da435efd3406c27False0.5158491290983607data5.731158304321344IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                RT_BITMAP0x45cd00x666Device independent bitmap graphic, 96 x 16 x 8, image size 1538, resolution 2868 x 2868 px/m, 15 important colorsEnglishUnited States0.18192918192918192
                                                                                                                                                                                                                RT_ICON0x463380x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.2789394297882409
                                                                                                                                                                                                                RT_ICON0x56b600xc7baPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.999628398200665
                                                                                                                                                                                                                RT_ICON0x633200x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.420850622406639
                                                                                                                                                                                                                RT_ICON0x658c80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.4948405253283302
                                                                                                                                                                                                                RT_ICON0x669700x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.6790780141843972
                                                                                                                                                                                                                RT_DIALOG0x66dd80xb4dataEnglishUnited States0.6111111111111112
                                                                                                                                                                                                                RT_DIALOG0x66e900x120dataEnglishUnited States0.5138888888888888
                                                                                                                                                                                                                RT_DIALOG0x66fb00x158dataEnglishUnited States0.5261627906976745
                                                                                                                                                                                                                RT_DIALOG0x671080x200dataEnglishUnited States0.3984375
                                                                                                                                                                                                                RT_DIALOG0x673080xf8dataEnglishUnited States0.6290322580645161
                                                                                                                                                                                                                RT_DIALOG0x674000xa0dataEnglishUnited States0.60625
                                                                                                                                                                                                                RT_DIALOG0x674a00xeedataEnglishUnited States0.6302521008403361
                                                                                                                                                                                                                RT_DIALOG0x675900xb4dataEnglishUnited States0.6888888888888889
                                                                                                                                                                                                                RT_DIALOG0x676480x120dataEnglishUnited States0.5381944444444444
                                                                                                                                                                                                                RT_DIALOG0x677680x158dataEnglishUnited States0.5581395348837209
                                                                                                                                                                                                                RT_DIALOG0x678c00x200dataEnglishUnited States0.4140625
                                                                                                                                                                                                                RT_DIALOG0x67ac00xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                RT_DIALOG0x67bb80xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                RT_DIALOG0x67c580xeedataEnglishUnited States0.6596638655462185
                                                                                                                                                                                                                RT_DIALOG0x67d480xb4dataEnglishUnited States0.6888888888888889
                                                                                                                                                                                                                RT_DIALOG0x67e000x120dataEnglishUnited States0.5381944444444444
                                                                                                                                                                                                                RT_DIALOG0x67f200x158dataEnglishUnited States0.5581395348837209
                                                                                                                                                                                                                RT_DIALOG0x680780x200dataEnglishUnited States0.4140625
                                                                                                                                                                                                                RT_DIALOG0x682780xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                RT_DIALOG0x683700xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                RT_DIALOG0x684100xeedataEnglishUnited States0.6596638655462185
                                                                                                                                                                                                                RT_DIALOG0x685000xb4dataEnglishUnited States0.6888888888888889
                                                                                                                                                                                                                RT_DIALOG0x685b80x120dataEnglishUnited States0.5381944444444444
                                                                                                                                                                                                                RT_DIALOG0x686d80x158dataEnglishUnited States0.5581395348837209
                                                                                                                                                                                                                RT_DIALOG0x688300x200dataEnglishUnited States0.4140625
                                                                                                                                                                                                                RT_DIALOG0x68a300xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                RT_DIALOG0x68b280xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                RT_DIALOG0x68bc80xeedataEnglishUnited States0.6596638655462185
                                                                                                                                                                                                                RT_DIALOG0x68cb80xacdataEnglishUnited States0.6337209302325582
                                                                                                                                                                                                                RT_DIALOG0x68d680x118dataEnglishUnited States0.5321428571428571
                                                                                                                                                                                                                RT_DIALOG0x68e800x150dataEnglishUnited States0.5386904761904762
                                                                                                                                                                                                                RT_DIALOG0x68fd00x1f8dataEnglishUnited States0.4027777777777778
                                                                                                                                                                                                                RT_DIALOG0x691c80xf0dataEnglishUnited States0.6666666666666666
                                                                                                                                                                                                                RT_DIALOG0x692b80x98dataEnglishUnited States0.625
                                                                                                                                                                                                                RT_DIALOG0x693500xe6dataEnglishUnited States0.6652173913043479
                                                                                                                                                                                                                RT_DIALOG0x694380xa0dataEnglishUnited States0.60625
                                                                                                                                                                                                                RT_DIALOG0x694d80x10cdataEnglishUnited States0.5111940298507462
                                                                                                                                                                                                                RT_DIALOG0x695e80x144dataEnglishUnited States0.5216049382716049
                                                                                                                                                                                                                RT_DIALOG0x697300x1ecdataEnglishUnited States0.3861788617886179
                                                                                                                                                                                                                RT_DIALOG0x699200xe4dataEnglishUnited States0.6447368421052632
                                                                                                                                                                                                                RT_DIALOG0x69a080x8cdataEnglishUnited States0.5928571428571429
                                                                                                                                                                                                                RT_DIALOG0x69a980xdadataEnglishUnited States0.6513761467889908
                                                                                                                                                                                                                RT_DIALOG0x69b780xa0dataEnglishUnited States0.6
                                                                                                                                                                                                                RT_DIALOG0x69c180x10cdataEnglishUnited States0.5111940298507462
                                                                                                                                                                                                                RT_DIALOG0x69d280x144dataEnglishUnited States0.5185185185185185
                                                                                                                                                                                                                RT_DIALOG0x69e700x1ecdataEnglishUnited States0.3861788617886179
                                                                                                                                                                                                                RT_DIALOG0x6a0600xe4dataEnglishUnited States0.6359649122807017
                                                                                                                                                                                                                RT_DIALOG0x6a1480x8cdataEnglishUnited States0.5857142857142857
                                                                                                                                                                                                                RT_DIALOG0x6a1d80xdadataEnglishUnited States0.6467889908256881
                                                                                                                                                                                                                RT_DIALOG0x6a2b80xa4dataEnglishUnited States0.6158536585365854
                                                                                                                                                                                                                RT_DIALOG0x6a3600x110dataEnglishUnited States0.5183823529411765
                                                                                                                                                                                                                RT_DIALOG0x6a4700x148dataEnglishUnited States0.5274390243902439
                                                                                                                                                                                                                RT_DIALOG0x6a5b80x1f0dataEnglishUnited States0.3911290322580645
                                                                                                                                                                                                                RT_DIALOG0x6a7a80xe8dataEnglishUnited States0.6508620689655172
                                                                                                                                                                                                                RT_DIALOG0x6a8900x90dataEnglishUnited States0.6041666666666666
                                                                                                                                                                                                                RT_DIALOG0x6a9200xdedataEnglishUnited States0.6621621621621622
                                                                                                                                                                                                                RT_GROUP_ICON0x6aa000x4cdataEnglishUnited States0.8026315789473685
                                                                                                                                                                                                                RT_VERSION0x6aa500x29cdataEnglishUnited States0.5224550898203593
                                                                                                                                                                                                                RT_MANIFEST0x6acf00x4ecXML 1.0 document, ASCII text, with very long lines (1260), with no line terminatorsEnglishUnited States0.4857142857142857

                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                ADVAPI32.dllRegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
                                                                                                                                                                                                                SHELL32.dllSHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
                                                                                                                                                                                                                ole32.dllCoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
                                                                                                                                                                                                                COMCTL32.dllImageList_Destroy, ImageList_AddMasked, ImageList_Create
                                                                                                                                                                                                                USER32.dllMessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
                                                                                                                                                                                                                GDI32.dllGetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
                                                                                                                                                                                                                KERNEL32.dllRemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW

                                                                                                                                                                                                                Possible Origin

                                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                EnglishUnited States

                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.002207041 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.002302885 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.002403021 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.017095089 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.017173052 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.546405077 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.547029972 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.554250002 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.554332018 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.554775953 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.557528973 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:02.603415966 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:03.210464001 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:03.210628986 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:03.210696936 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:03.224664927 CEST49739443192.168.2.484.32.84.219
                                                                                                                                                                                                                Oct 11, 2024 20:35:03.224735022 CEST4434973984.32.84.219192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.268054962 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.268165112 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.268251896 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.268994093 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.269028902 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.946882010 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.946965933 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.949215889 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.949243069 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.949651003 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.950921059 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.991430044 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.203466892 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.203695059 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.203717947 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.203763962 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.203854084 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.240113974 CEST49745443192.168.2.4140.82.121.3
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.240160942 CEST44349745140.82.121.3192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.279423952 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.279489040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.279762983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.279942989 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.279963017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.746403933 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.749423027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.765404940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.765472889 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.766349077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.768130064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.815483093 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.082566023 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.082775116 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.082922935 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083009958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083036900 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083113909 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083158016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083228111 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083283901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083301067 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083421946 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083482981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083496094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083585978 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083642960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083656073 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083748102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083803892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.083817959 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.086958885 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087040901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087053061 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087363958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087415934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087423086 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087516069 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087563038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087570906 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087651014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087702990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.087709904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.088314056 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.088366985 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.088373899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.088479042 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.088529110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.088537931 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089099884 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089154005 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089160919 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089248896 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089296103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089303017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.089951992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.090024948 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.090029001 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.090056896 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.090143919 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.090156078 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100578070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100655079 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100667000 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100764036 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100816965 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100824118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100909948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100960016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.100966930 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101058006 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101109982 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101115942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101275921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101330996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101336956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101425886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101476908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101484060 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101574898 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101634979 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.101641893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.103022099 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.103044033 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.103092909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.103101969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.103166103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.104840994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.104886055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.104918003 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.104924917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.104960918 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.156903982 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188122988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188189030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188329935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188329935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188363075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188407898 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188646078 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188688993 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188714981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188720942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188774109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.188800097 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.189474106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.189516068 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.189553022 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.189568043 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.189603090 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.189625025 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.190448046 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.190488100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.190531969 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.190545082 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.190581083 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.190602064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.191509008 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.191549063 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.191591978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.191603899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.191643953 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.191664934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.192964077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.193006992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.193047047 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.193059921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.193093061 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.193120956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274444103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274514914 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274669886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274671078 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274705887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274753094 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274760962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274794102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274836063 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274844885 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274859905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274874926 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274909973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.274952888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.275470018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.275520086 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.275552034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.275566101 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.275597095 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.275619030 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279442072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279490948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279536009 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279548883 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279581070 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279617071 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279696941 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279737949 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279768944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279781103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279814959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.279839993 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.280577898 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.280623913 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.280673027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.280685902 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.280730009 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.280752897 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.281055927 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.281099081 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.281146049 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.281158924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.281198978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.281244993 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362276077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362339973 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362485886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362485886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362513065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362544060 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362581015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362595081 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362616062 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362627983 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362659931 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362680912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362747908 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362802982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362838984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362843990 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362878084 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362911940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.362960100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363030910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363064051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363082886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363115072 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363142014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363197088 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363245964 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363308907 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363322020 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363358974 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363408089 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363421917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363447905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363493919 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363512039 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363526106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363553047 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363591909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363651991 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363692045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363698006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363724947 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363739967 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363787889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363887072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363926888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363967896 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.363980055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.364007950 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.364041090 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.366117001 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448452950 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448528051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448645115 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448645115 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448674917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448700905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448734999 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448760033 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448765993 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448828936 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448926926 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448971987 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448987961 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.448993921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449018955 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449045897 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449121952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449166059 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449213028 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449225903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449256897 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449279070 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449429989 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449474096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449498892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449512005 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449538946 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.449563980 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450488091 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450552940 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450581074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450592995 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450634003 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450671911 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450714111 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450759888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450783014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450793982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450829983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450850010 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450871944 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450911999 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.450992107 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.451004028 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.451065063 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.451065063 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535512924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535547018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535634041 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535660982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535773039 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535804033 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535826921 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535854101 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535871983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535872936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535880089 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535931110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.535939932 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536283016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536305904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536354065 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536369085 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536401033 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536686897 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536716938 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536760092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536773920 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536798954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536803007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536866903 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536880016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.536933899 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537168980 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537189007 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537244081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537256956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537288904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537316084 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537661076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537678957 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537724018 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537735939 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537764072 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.537786007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.538140059 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.538158894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.538208961 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.538220882 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.538250923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.538278103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.539527893 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622481108 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622518063 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622773886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622848034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622858047 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622934103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.622978926 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623090029 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623112917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623298883 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623300076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623300076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623383045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623652935 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623680115 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623814106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623814106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.623847961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624026060 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624051094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624097109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624104977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624133110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624361038 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624387026 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624420881 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624425888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.624453068 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625072002 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625094891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625135899 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625140905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625188112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625463963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625489950 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625528097 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625533104 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.625562906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.672234058 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.683553934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710084915 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710117102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710235119 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710304022 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710401058 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710500956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710544109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710586071 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710601091 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710634947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710656881 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710705042 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710743904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710776091 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710791111 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710822105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710840940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.710962057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711000919 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711045027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711057901 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711085081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711107016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711149931 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711231947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711232901 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711285114 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711338997 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711347103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711379051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711448908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711448908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711472988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711524010 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711564064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.711601973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712337017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712378025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712424040 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712435961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712474108 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712496042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712754965 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712795973 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712837934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712850094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.712929010 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.713409901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.713707924 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.757741928 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.757803917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.757890940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.757963896 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.758004904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.758029938 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799560070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799637079 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799819946 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799849033 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799849987 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799870968 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799930096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799992085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.799993038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800035000 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800076008 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800148964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800173998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800211906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800244093 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800288916 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800332069 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800365925 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800395012 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800467014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800508976 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800539970 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800554037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800582886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800677061 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800724030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800750017 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800762892 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800796032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800874949 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800914049 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800946951 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800960064 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.800986052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.846708059 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.847676992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.847753048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.847846985 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.847887993 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.847927094 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.847950935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887347937 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887455940 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887526035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887547016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887576103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887613058 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887753010 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887794018 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.887851954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888010025 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888008118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888048887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888082981 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888088942 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888128996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888153076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888170958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.888207912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890386105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890482903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890486002 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890517950 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890563965 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890692949 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890743971 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890764952 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890778065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890858889 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890860081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890885115 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890923977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890927076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.890993118 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.891006947 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.892049074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996180058 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996246099 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996334076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996366024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996401072 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996401072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996419907 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996438026 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996478081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996488094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996520042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996534109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996570110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996594906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996629953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996669054 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996704102 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996716022 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996743917 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996793032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996817112 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996855974 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996893883 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996906996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996934891 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.996958971 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997003078 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997040033 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997080088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997092009 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997126102 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997143030 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997184992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997221947 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997258902 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997271061 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997298956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997323036 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997349024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997387886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997441053 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997452974 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997483969 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997503996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997555971 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997607946 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997653008 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997664928 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997704029 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:08.997725010 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.001198053 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.064480066 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.064549923 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.064606905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.064677000 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.064713955 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.064740896 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082736969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082777977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082834005 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082849979 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082885981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082905054 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.082968950 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083014011 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083038092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083050966 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083122015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083122015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083228111 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083271027 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083301067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083312988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083342075 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083367109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083550930 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083591938 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083617926 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083630085 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083658934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083693981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083926916 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.083975077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084011078 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084022999 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084050894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084069014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084180117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084224939 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084258080 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084270000 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084299088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084320068 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084662914 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084702969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084754944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084768057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084799051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.084872007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.085272074 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.085328102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.085345030 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.085365057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.085393906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.085915089 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169378996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169450998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169480085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169495106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169538021 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169557095 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169847012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169888020 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169930935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169944048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.169991016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170022964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170473099 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170514107 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170553923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170597076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170635939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170655966 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170758963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170804024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170833111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170845032 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170890093 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170918941 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.170977116 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171017885 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171046972 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171058893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171099901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171118975 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171257019 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171310902 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171339989 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171351910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171406984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171406984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171607018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171650887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171684027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171695948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171725035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171757936 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171916962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171947002 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.171964884 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.172000885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.172014952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.172074080 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.172094107 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.172357082 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.172557116 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.256616116 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.256680965 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.256719112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.256746054 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.256771088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.256798983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257272005 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257323980 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257364988 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257375002 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257405996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257437944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257566929 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257586002 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257627964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257642031 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257672071 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257693052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257921934 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257941961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257987022 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.257999897 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258042097 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258060932 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258440971 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258462906 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258512020 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258528948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258555889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258580923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258888006 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258907080 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258949995 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.258961916 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259005070 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259026051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259166956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259393930 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259423018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259469032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259481907 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259509087 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259535074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259829998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259850025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259912014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.259927034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.260008097 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.343585968 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.343630075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.343678951 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.343714952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.343748093 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.343997002 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344198942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344243050 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344270945 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344284058 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344322920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344352007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344646931 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344686985 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344728947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344741106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344773054 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.344793081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345036983 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345077991 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345115900 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345128059 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345170975 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345192909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345441103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345482111 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345521927 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345535040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345566034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345592022 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345732927 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345772982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345802069 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345814943 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345849991 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.345884085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346095085 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346138954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346177101 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346189022 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346221924 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346242905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346383095 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346426964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346482992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346513033 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346524954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346554995 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346554995 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346591949 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.346689939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.439743996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.439812899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.439850092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.439874887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.439918041 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.439939976 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440120935 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440174103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440212965 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440227985 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440258026 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440284014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440644979 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440687895 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440709114 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440716028 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440748930 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.440771103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441090107 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441129923 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441158056 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441164017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441209078 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441375971 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441417933 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441442013 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441447973 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441489935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441827059 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441869020 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441907883 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441914082 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441951990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.441975117 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442238092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442286968 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442325115 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442332029 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442367077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442389011 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442478895 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442568064 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442609072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442647934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442655087 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442667007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442687035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442738056 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.442821026 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528018951 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528079987 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528131008 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528172970 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528202057 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528247118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528287888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528299093 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528331995 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528335094 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528376102 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528420925 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528701067 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528740883 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528769970 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528783083 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528816938 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528850079 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528929949 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.528995037 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529011965 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529066086 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529103994 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529370070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529411077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529429913 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529444933 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.529486895 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530239105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530277967 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530324936 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530342102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530383110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530683994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530723095 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530751944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530766010 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.530802965 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.531013966 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.531058073 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.531085014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.531099081 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.531126976 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.531147957 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.614806890 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.614839077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.614885092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.614895105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.614933014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.614960909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615204096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615246058 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615272045 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615278959 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615314960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615334034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615530014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615571976 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615618944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615624905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615637064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615664959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615941048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.615981102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616012096 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616018057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616050005 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616072893 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616282940 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616322994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616370916 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616377115 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616405964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.616429090 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617208004 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617249012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617290020 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617295980 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617335081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617356062 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617520094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617558956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617588043 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617594004 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617641926 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617921114 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617960930 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617986917 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.617999077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.618027925 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.618048906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702111959 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702158928 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702200890 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702235937 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702255011 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702325106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702372074 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702414036 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702439070 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702455997 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702495098 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702517986 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702632904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702687025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702709913 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702718019 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.702750921 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703042984 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703088999 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703110933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703119993 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703146935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703463078 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703502893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703531981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703540087 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.703564882 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704341888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704379082 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704421043 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704427004 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704453945 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704549074 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704587936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704612017 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704618931 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704652071 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.704845905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.705048084 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.705089092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.705121994 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.705127954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.705158949 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.750231981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.795948982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.795990944 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796042919 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796077013 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796114922 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796165943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796772957 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796813965 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796873093 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796890974 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796922922 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.796943903 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797048092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797087908 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797121048 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797132969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797162056 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797188997 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797909975 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797950029 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.797995090 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798002958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798038960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798058033 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798156977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798194885 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798218966 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798226118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798259020 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.798281908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800486088 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800528049 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800559998 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800568104 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800616980 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800641060 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800734043 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800772905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800801039 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.800807953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801018000 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801060915 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801060915 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801068068 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801081896 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801094055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801126957 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.801162004 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.883466959 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.883538961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.883589029 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.883599997 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.883624077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.883637905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.884790897 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.884834051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.884866953 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.884872913 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.884939909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885031939 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885081053 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885113001 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885118961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885142088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885159016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885210037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885250092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885278940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885298967 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885348082 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885369062 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885399103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885443926 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885474920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885482073 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885508060 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.885539055 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887545109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887592077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887651920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887661934 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887707949 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887797117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887842894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887872934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887881994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887902975 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.887926102 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.888060093 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.888098955 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.888124943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.888130903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.888169050 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.888189077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.970410109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.970479012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.970673084 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.970674038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.970745087 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971009016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971530914 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971604109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971640110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971712112 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971750975 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971775055 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971779108 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971808910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971848965 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971858978 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971880913 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971896887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971930027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.971970081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972313881 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972358942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972405910 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972419977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972446918 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972477913 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.972976923 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.973073006 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.973104000 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.973117113 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.973159075 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.973179102 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.974920034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.974967957 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975014925 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975028038 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975075006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975097895 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975147009 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975199938 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975244045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975289106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975301027 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975327969 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975349903 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975414038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975553036 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975591898 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975636959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975651026 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975697041 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:09.975718021 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.057687998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.057749987 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.057933092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.057933092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058039904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058125019 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058607101 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058667898 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058809042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058809042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058821917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058878899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058927059 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058929920 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058948994 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.058978081 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059022903 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059046030 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059175014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059214115 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059242964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059257984 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059314013 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.059335947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.060038090 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.060101032 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.060148954 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.060162067 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.060203075 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.060228109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.061870098 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.061920881 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.061961889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.061974049 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062011957 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062030077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062094927 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062174082 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062180996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062218904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062253952 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062761068 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062802076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062830925 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062845945 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.062880993 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.109751940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.110706091 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.110766888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.110941887 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.110941887 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.111011028 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.111099005 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155175924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155242920 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155278921 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155352116 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155407906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155407906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155442953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155550003 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155581951 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155596018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155625105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155644894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155706882 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155745983 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155778885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155791998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155821085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155841112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155889034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155927896 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155961990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.155973911 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156002045 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156032085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156035900 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156066895 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156104088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156116009 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156137943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156150103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156198025 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156219959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156275988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156323910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156349897 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156363010 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156394958 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156452894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156512022 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156553030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156604052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156604052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156619072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.156687021 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.159303904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.199198961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.199273109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.199322939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.199409962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.199459076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.199589014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242058992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242121935 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242161989 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242189884 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242225885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242247105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242341995 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242383003 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242418051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242435932 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242466927 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242506981 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242507935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242535114 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242616892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242615938 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242661953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242707968 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242711067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242753983 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242754936 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242783070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242794991 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.242947102 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243220091 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243262053 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243315935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243328094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243359089 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243442059 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243782997 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243830919 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243861914 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243875027 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243910074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.243944883 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.244056940 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.244097948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.244131088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.244143009 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.244168043 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.244203091 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.286789894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.286853075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.286887884 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.286906958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.286941051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.286962986 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329436064 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329511881 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329549074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329591990 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329618931 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329644918 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329716921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329766035 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329797983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329816103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329842091 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329868078 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329914093 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329953909 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.329992056 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330003977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330029011 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330085039 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330085993 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330113888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330157995 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330167055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330204964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330215931 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330244064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330287933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330321074 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330372095 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330399990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330411911 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330455065 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330476999 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.330986023 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331026077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331075907 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331088066 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331113100 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331140041 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331151962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331176996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331212044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331218958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331253052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331265926 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331295013 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.331322908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.332062006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.373727083 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.373805046 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.373872042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.373900890 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.373933077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.373951912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.416920900 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.416982889 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417130947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417130947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417202950 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417253017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417303085 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417351007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417375088 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417408943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417465925 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417504072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417536974 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417551994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417586088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417627096 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417768002 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417807102 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417855978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417867899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417897940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.417984009 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418034077 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418073893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418114901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418127060 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418155909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418179035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418752909 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418792009 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418823957 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418836117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418867111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.418889999 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.419003010 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.419043064 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.419070959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.419083118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.419115067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.421395063 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.460758924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.460830927 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.460980892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.460980892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.461051941 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.461108923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504297018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504363060 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504507065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504551888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504551888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504631042 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504677057 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504686117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504697084 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504712105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504751921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504767895 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504803896 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504822969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504853010 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504874945 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.504935026 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505053043 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505157948 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505158901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505168915 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505235910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505291939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505858898 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505898952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505947113 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505964994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.505995035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.506045103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.506095886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.506113052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.506128073 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.506159067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.547266960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.550338984 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.550412893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.550586939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.550586939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.550658941 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.550724030 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591197968 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591269016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591325045 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591415882 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591464996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591464996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591495037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591536045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591677904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591730118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591763973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591763973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591763973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591835976 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.591888905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.592425108 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.592485905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.592622042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.592622042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.592694044 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593194962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593266010 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593285084 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593302011 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593333006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593444109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593483925 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593516111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593533039 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.593563080 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.594125032 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.594172955 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.594197035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.594212055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.594249964 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.595235109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.637607098 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.637677908 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.637979984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.637979984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.638048887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678103924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678173065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678317070 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678317070 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678354025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678385019 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678426027 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678426027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678452015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678491116 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678527117 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678549051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678829908 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678869963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678899050 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678915024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678944111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.678966045 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.679060936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.679104090 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.679128885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.679141045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.679169893 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.679191113 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680335999 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680377960 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680445910 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680445910 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680463076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680608988 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680655956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680706024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680766106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680766106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680780888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.680979013 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.681021929 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.681024075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.681057930 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.681067944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.681087017 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.681108952 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.692239046 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.724262953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.724334955 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.724476099 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.724476099 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.724549055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.724620104 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765059948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765124083 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765265942 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765265942 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765300035 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765331030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765382051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765382051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765424013 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765469074 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765497923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765523911 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765698910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765743971 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765779972 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765791893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765820026 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765841007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765856028 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765906096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765919924 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765933037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765966892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.765988111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767241955 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767285109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767311096 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767322063 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767349005 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767369032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767503977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767554998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767580032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767591953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767617941 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.767640114 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.768028021 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.768053055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.768100977 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.768114090 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.768140078 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.768316984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.811932087 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.811989069 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.812139034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.812139034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.812208891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.812371969 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852461100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852510929 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852554083 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852582932 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852612019 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852632046 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852948904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.852988958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853127956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853127956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853152990 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853180885 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853221893 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853269100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853306055 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853327036 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853355885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853377104 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853645086 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853686094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853710890 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853724003 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853754044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.853775978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854641914 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854681015 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854726076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854739904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854768991 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854789019 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854871988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854937077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.854974031 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855016947 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855066061 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855185986 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855223894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855252028 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855267048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.855294943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.856321096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.856362104 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.856408119 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.856426954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.856452942 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.906563044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.938990116 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939064980 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939084053 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939156055 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939192057 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939217091 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939645052 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939683914 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939735889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939735889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939754963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.939974070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940022945 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940035105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940057039 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940083027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940109015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940109015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940346956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940386057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940416098 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940428019 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940457106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.940531015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.941525936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.941562891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.941603899 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.941616058 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.941644907 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.941665888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942011118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942053080 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942091942 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942104101 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942133904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942166090 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942210913 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942215919 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942238092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942275047 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.942297935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.943126917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.943167925 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.943209887 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.943222046 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.943252087 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:10.943273067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.057400942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.057431936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.057607889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.057609081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.057682037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.057784081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.059629917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.059664965 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.059727907 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.059742928 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.059776068 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.059885979 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060178041 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060206890 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060246944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060260057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060285091 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060309887 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060414076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060441017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060484886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060497046 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060525894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060528040 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060549021 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060560942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060590982 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060683012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060708046 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060741901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060755014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.060781956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061177015 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061202049 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061249018 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061254025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061270952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061270952 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061305046 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061626911 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061660051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061695099 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061707020 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.061734915 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.089276075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.089307070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.089461088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.089461088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.089539051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.140844107 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146444082 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146460056 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146509886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146527052 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146569014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146603107 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.146626949 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148047924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148104906 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148159027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148173094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148206949 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148227930 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148457050 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148488045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148521900 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148535013 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148562908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.148582935 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149085045 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149117947 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149169922 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149182081 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149208069 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149240017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149270058 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149291992 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149305105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149336100 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149357080 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149698019 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149725914 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149775028 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149786949 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149811983 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149813890 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149849892 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149878025 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149895906 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149921894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149921894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.149952888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.150074959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.176697016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.176733971 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.176898956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.176899910 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.176970005 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.177031040 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.234263897 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.234302044 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.234354973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.234395027 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.234416008 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.234479904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235543966 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235579967 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235630035 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235637903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235665083 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235685110 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235815048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235841036 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235872030 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235877991 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235908031 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235908031 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235930920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235943079 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235959053 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.235963106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236010075 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236659050 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236686945 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236718893 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236725092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236747980 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236764908 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236788034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236813068 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236813068 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236820936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236836910 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236871004 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236891985 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236923933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236932039 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.236962080 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.237170935 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.237196922 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.237229109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.237236023 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.237258911 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.237365007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.320799112 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.320827961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.320966959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.320966959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.321002007 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.321084023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.322561979 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.322597027 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.322640896 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.322655916 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.322684050 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.322706938 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323185921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323215961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323263884 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323276997 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323303938 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323404074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323492050 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323519945 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323556900 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323568106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323596954 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323620081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323921919 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323951960 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323987007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.323998928 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324028015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324048996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324240923 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324266911 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324325085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324337006 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324363947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324381113 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324409008 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324434996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324472904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324490070 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324512959 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324531078 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324892044 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324919939 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324955940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324968100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.324992895 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.325017929 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.407841921 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.407875061 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.408060074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.408133030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.408215046 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.409641981 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.409677029 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.409718990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.409734964 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.409766912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.409807920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410446882 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410478115 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410533905 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410546064 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410573006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410660982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410691977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410721064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410734892 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410764933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410784960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410908937 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410936117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410973072 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.410990953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411012888 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411281109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411295891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411356926 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411374092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411444902 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411468029 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411495924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411533117 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411547899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411572933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.411595106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412286043 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412441015 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412465096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412512064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412523985 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412564039 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.412583113 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.495095015 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.495122910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.495277882 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.495277882 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.495351076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.495462894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.496603966 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.496637106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.496692896 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.496709108 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.496736050 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.496807098 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.497847080 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.497879982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.497924089 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.497936964 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.497968912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.497991085 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498123884 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498148918 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498181105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498193026 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498219967 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498239040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498240948 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498255968 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498284101 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498289108 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498311043 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498322964 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498351097 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498368025 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498402119 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498425961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498470068 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498481035 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498543024 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498584986 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498709917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498737097 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498773098 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498784065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498811960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.498882055 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499078989 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499146938 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499174118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499209881 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499222040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499248981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499310970 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.499330044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.582341909 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.582374096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.582566023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.582566023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.582638025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.582699060 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584177017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584212065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584254026 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584269047 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584300041 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584475040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584505081 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584532022 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584549904 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584574938 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.584594965 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.585841894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.585875034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.585916042 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.585927963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.585961103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.585983038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586086988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586112022 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586144924 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586155891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586184978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586203098 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586541891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586569071 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586611032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586622000 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586647987 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586671114 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586699963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586729050 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586741924 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586769104 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.586787939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.587327003 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.587357998 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.587409019 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.587420940 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.587450027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.587511063 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.669962883 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.670000076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.670157909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.670157909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.670229912 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.670304060 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.671248913 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.671278954 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.671330929 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.671346903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.671376944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.671396971 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.672310114 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.672343969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.672415972 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.672436953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.672461987 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.673918962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.673952103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.673993111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.674005985 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.674037933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675199032 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675224066 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675283909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675287962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675314903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675318956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675343037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675343990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675389051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675407887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675431013 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675450087 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675458908 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675474882 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675519943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675539017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675584078 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675617933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675640106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675784111 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675812006 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675848007 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675859928 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675888062 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.675905943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.756434917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.756467104 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.756542921 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.756617069 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.756661892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.756661892 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758250952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758281946 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758423090 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758481979 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758481979 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758481979 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758485079 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758513927 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.758557081 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.759649038 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.759682894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.759725094 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.759747028 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.759776115 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761416912 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761456013 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761492014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761504889 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761531115 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761579037 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761600018 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761636019 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761648893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.761678934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.762614012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.762651920 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.762696028 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.762708902 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.762734890 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.762984991 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.763011932 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.763048887 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.763061047 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.763087988 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.812740088 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.843539953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.843574047 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.843727112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.843727112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.843797922 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.843854904 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845436096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845470905 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845518112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845535040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845566034 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845578909 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845647097 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845662117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.845714092 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.846647024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.846678972 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.846733093 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.846760035 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.846786022 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.846806049 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848233938 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848282099 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848332882 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848351002 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848375082 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848418951 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848663092 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848691940 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848715067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848726988 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848753929 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.848774910 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850111961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850150108 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850195885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850213051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850236893 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850334883 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850483894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850511074 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850541115 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850553036 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850579023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.850600958 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.931854963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.931890011 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.931936979 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932008982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932044983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932087898 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932199955 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932229042 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932277918 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932298899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932323933 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932353020 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932429075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932454109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932492018 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932503939 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932529926 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.932549953 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.933859110 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.933892012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.933928967 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.933940887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.933971882 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.933993101 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936650038 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936714888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936743021 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936754942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936784983 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936801910 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936825037 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936831951 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936850071 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936861038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936880112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.936903954 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938178062 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938211918 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938258886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938271999 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938299894 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938318014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938318014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938335896 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938366890 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938375950 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938390017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938422918 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:11.938446045 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019056082 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019089937 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019133091 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019149065 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019179106 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019196987 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019341946 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019370079 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019433975 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019433975 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019450903 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019715071 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019723892 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019757986 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019788027 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019807100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019809961 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019824982 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019860029 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.019884109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.021553040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.021593094 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.021639109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.021651983 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.021683931 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.021704912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023564100 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023596048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023636103 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023648024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023669004 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023672104 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023689032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023703098 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023734093 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.023781061 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.024104118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.024127960 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.024169922 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.024183035 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.024209976 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.024229050 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.025129080 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.025155067 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.025202036 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.025213957 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.025239944 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.025407076 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.051949024 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.051986933 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.052053928 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.052078962 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.052109003 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.052252054 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.106398106 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.106462002 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.106514931 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.106565952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.106604099 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.106628895 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.107229948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.107276917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.107317924 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.107331038 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.107358932 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.107381105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108212948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108253956 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108299971 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108311892 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108341932 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108367920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108407974 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108449936 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108472109 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108484030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108510971 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.108532906 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.110537052 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.110579967 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.110627890 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.110640049 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.110672951 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.110694885 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.111069918 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.111110926 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.111140966 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.111154079 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.111180067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.111200094 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.113137960 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.113182068 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.113215923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.113226891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.113255024 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.113276005 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.143276930 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.143323898 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.143476009 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.143476963 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.143558025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.143686056 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195255995 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195327997 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195372105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195419073 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195472956 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195497990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195585012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195641994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195673943 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195688963 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195707083 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195729971 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195777893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195823908 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195844889 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195858955 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195890903 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.195910931 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.196060896 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.196109056 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.196144104 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.196157932 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.196186066 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.196223021 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.197551012 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.197591066 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.197621107 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.197639942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.197669029 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.197691917 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.198191881 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.198291063 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.198338985 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.198352098 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.198375940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.198395014 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.199214935 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.199259043 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.199285984 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.199300051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.199326038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.199343920 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.229264975 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.229284048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.229649067 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.229670048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.229720116 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.281393051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.281439066 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.281507015 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.281527996 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.281554937 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.281725883 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282689095 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282742977 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282766104 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282778978 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282830954 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282830954 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282924891 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282965899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282988071 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.282999992 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283026934 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283046961 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283121109 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283164978 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283193111 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283205032 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283242941 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.283242941 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.284569025 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.284607887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.284662962 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.284676075 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.284708023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.284708023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.285455942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.285495043 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.285531044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.285543919 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.285573006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.285594940 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.286744118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.286787987 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.286811113 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.286823034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.286853075 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.286875010 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.327944040 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.327987909 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.328016996 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.328028917 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.328057051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.328078032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.368849039 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.368902922 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.368937969 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.368951082 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.368984938 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.369005919 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371225119 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371267080 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371299982 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371313095 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371340036 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371360064 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371463060 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371505022 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371522903 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371536016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371562004 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371582031 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371699095 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371740103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371761084 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371772051 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371800900 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371822119 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371862888 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371902943 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371927023 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371937990 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371963024 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.371983051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.372143984 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.372184038 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.372205973 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.372217894 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.372252941 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.373415947 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.373792887 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.373831987 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.373903990 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.373917103 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.373971939 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.377341032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.414983034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.415030003 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.415085077 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.415105104 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.415138006 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.415158987 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.457571030 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.457618952 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.457654953 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.457684994 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.457709074 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.457737923 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458282948 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458322048 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458357096 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458369970 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458400011 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458420038 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458606958 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458647966 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458669901 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458681107 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458709002 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458925009 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458930969 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458954096 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.458986044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.459001064 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.459007978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.459028006 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.459058046 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.459079981 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460120916 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460160017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460206032 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460217953 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460246086 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460309982 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460388899 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460431099 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460458994 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460470915 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460501909 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.460524082 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.464948893 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.464989901 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.465034962 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.465046883 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.465075016 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.465181112 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.502242088 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.502298117 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.502357960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.502357960 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.502377033 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.502418041 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.543931961 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.543976068 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.544002056 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.544017076 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.544051886 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.544090033 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.569976091 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570024014 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570053101 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570066929 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570091009 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570110083 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570199966 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570240974 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570260048 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570271969 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570302010 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570324898 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570534945 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570574999 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570604086 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570616007 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570641994 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570667028 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570836067 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570899963 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570915937 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570956945 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.570981026 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571043015 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571080923 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571099997 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571115017 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571140051 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571482897 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571522951 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571542978 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571566105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.571590900 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.589421034 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.589458942 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.589489937 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.589508057 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.589534998 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.630995035 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.631036997 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.631072044 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.631091118 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.631117105 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652364016 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652406931 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652427912 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652443886 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652473927 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652651072 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652721882 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652734995 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652851105 CEST44349748185.199.110.133192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.652945995 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.663331985 CEST49748443192.168.2.4185.199.110.133
                                                                                                                                                                                                                Oct 11, 2024 20:35:12.663377047 CEST44349748185.199.110.133192.168.2.4

                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Oct 11, 2024 20:35:01.991159916 CEST6429553192.168.2.41.1.1.1
                                                                                                                                                                                                                Oct 11, 2024 20:35:01.999109030 CEST53642951.1.1.1192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.247086048 CEST5864653192.168.2.41.1.1.1
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.255506992 CEST53586461.1.1.1192.168.2.4
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.264784098 CEST6121053192.168.2.41.1.1.1
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.272005081 CEST53612101.1.1.1192.168.2.4

                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                Oct 11, 2024 20:35:01.991159916 CEST192.168.2.41.1.1.10x9ad0Standard query (0)notepad-plus-plus.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.247086048 CEST192.168.2.41.1.1.10x8cd7Standard query (0)github.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.264784098 CEST192.168.2.41.1.1.10xaabeStandard query (0)objects.githubusercontent.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                Oct 11, 2024 20:35:01.999109030 CEST1.1.1.1192.168.2.40x9ad0No error (0)notepad-plus-plus.org84.32.84.219A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:06.255506992 CEST1.1.1.1192.168.2.40x8cd7No error (0)github.com140.82.121.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.272005081 CEST1.1.1.1192.168.2.40xaabeNo error (0)objects.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.272005081 CEST1.1.1.1192.168.2.40xaabeNo error (0)objects.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.272005081 CEST1.1.1.1192.168.2.40xaabeNo error (0)objects.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Oct 11, 2024 20:35:07.272005081 CEST1.1.1.1192.168.2.40xaabeNo error (0)objects.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false

                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                • notepad-plus-plus.org
                                                                                                                                                                                                                • github.com
                                                                                                                                                                                                                • objects.githubusercontent.com

                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                0192.168.2.44973984.32.84.2194431364C:\Program Files\Notepad++\updater\GUP.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-10-11 18:35:02 UTC150OUTGET /update/getDownloadUrl.php?version=8.67&param=x64 HTTP/1.1
                                                                                                                                                                                                                Host: notepad-plus-plus.org
                                                                                                                                                                                                                User-Agent: Notepad++/8.67 (WinGup/5.28)
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                2024-10-11 18:35:03 UTC442INHTTP/1.1 200 OK
                                                                                                                                                                                                                Server: hcdn
                                                                                                                                                                                                                Date: Fri, 11 Oct 2024 18:35:02 GMT
                                                                                                                                                                                                                Content-Type: text/xml;charset=UTF-8
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                x-powered-by: PHP/7.2.34
                                                                                                                                                                                                                platform: hostinger
                                                                                                                                                                                                                panel: hpanel
                                                                                                                                                                                                                content-security-policy: upgrade-insecure-requests
                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                x-hcdn-request-id: e667643c9f705da36aac6449f6db9aec-bos-edge1
                                                                                                                                                                                                                x-hcdn-cache-status: DYNAMIC
                                                                                                                                                                                                                x-hcdn-upstream-rt: 0.289
                                                                                                                                                                                                                2024-10-11 18:35:03 UTC206INData Raw: 63 33 0d 0a 3c 47 55 50 3e 3c 4e 65 65 64 54 6f 42 65 55 70 64 61 74 65 64 3e 79 65 73 3c 2f 4e 65 65 64 54 6f 42 65 55 70 64 61 74 65 64 3e 3c 56 65 72 73 69 6f 6e 3e 38 2e 37 3c 2f 56 65 72 73 69 6f 6e 3e 3c 4c 6f 63 61 74 69 6f 6e 3e 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 6f 74 65 70 61 64 2d 70 6c 75 73 2d 70 6c 75 73 2f 6e 6f 74 65 70 61 64 2d 70 6c 75 73 2d 70 6c 75 73 2f 72 65 6c 65 61 73 65 73 2f 64 6f 77 6e 6c 6f 61 64 2f 76 38 2e 37 2f 6e 70 70 2e 38 2e 37 2e 49 6e 73 74 61 6c 6c 65 72 2e 78 36 34 2e 65 78 65 3c 2f 4c 6f 63 61 74 69 6f 6e 3e 3c 2f 47 55 50 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                Data Ascii: c3<GUP><NeedToBeUpdated>yes</NeedToBeUpdated><Version>8.7</Version><Location>https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.7/npp.8.7.Installer.x64.exe</Location></GUP>0


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                1192.168.2.449745140.82.121.34431364C:\Program Files\Notepad++\updater\GUP.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-10-11 18:35:06 UTC175OUTGET /notepad-plus-plus/notepad-plus-plus/releases/download/v8.7/npp.8.7.Installer.x64.exe HTTP/1.1
                                                                                                                                                                                                                Host: github.com
                                                                                                                                                                                                                User-Agent: Notepad++/8.67 (WinGup/5.28)
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                2024-10-11 18:35:07 UTC971INHTTP/1.1 302 Found
                                                                                                                                                                                                                Server: GitHub.com
                                                                                                                                                                                                                Date: Fri, 11 Oct 2024 18:34:37 GMT
                                                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                                Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/33014811/abe46154-dbaa-4461-8680-a6be44a2f318?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241011%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241011T183437Z&X-Amz-Expires=300&X-Amz-Signature=704e82536a38d3f76c1102d79c63a642f129936dda0fb3e51643ea485003fc9c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dnpp.8.7.Installer.x64.exe&response-content-type=application%2Foctet-stream
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                2024-10-11 18:35:07 UTC3378INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                2192.168.2.449748185.199.110.1334431364C:\Program Files\Notepad++\updater\GUP.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-10-11 18:35:07 UTC593OUTGET /github-production-release-asset-2e65be/33014811/abe46154-dbaa-4461-8680-a6be44a2f318?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241011%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241011T183437Z&X-Amz-Expires=300&X-Amz-Signature=704e82536a38d3f76c1102d79c63a642f129936dda0fb3e51643ea485003fc9c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dnpp.8.7.Installer.x64.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                                                                                                                                                Host: objects.githubusercontent.com
                                                                                                                                                                                                                User-Agent: Notepad++/8.67 (WinGup/5.28)
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC810INHTTP/1.1 200 OK
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Content-Length: 6637056
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Last-Modified: Tue, 17 Sep 2024 17:40:28 GMT
                                                                                                                                                                                                                ETag: "0x8DCD73FD22AD6A3"
                                                                                                                                                                                                                Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                x-ms-request-id: 65a4575b-b01e-0062-3018-132372000000
                                                                                                                                                                                                                x-ms-version: 2023-11-03
                                                                                                                                                                                                                x-ms-creation-time: Tue, 17 Sep 2024 17:40:28 GMT
                                                                                                                                                                                                                x-ms-lease-status: unlocked
                                                                                                                                                                                                                x-ms-lease-state: available
                                                                                                                                                                                                                x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                Content-Disposition: attachment; filename=npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                x-ms-server-encrypted: true
                                                                                                                                                                                                                Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                Fastly-Restarts: 1
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Date: Fri, 11 Oct 2024 18:35:07 GMT
                                                                                                                                                                                                                Age: 5645
                                                                                                                                                                                                                X-Served-By: cache-iad-kjyo7100042-IAD, cache-ewr-kewr1740022-EWR
                                                                                                                                                                                                                X-Cache: HIT, HIT
                                                                                                                                                                                                                X-Cache-Hits: 60, 1
                                                                                                                                                                                                                X-Timer: S1728671708.826336,VS0,VE1
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 20 81 e9 50 4e d2 e9 50 4e d2 e9 50 4e d2 2a 5f 11 d2 eb 50 4e d2 e9 50 4f d2 4a 50 4e d2 2a 5f 13 d2 e6 50 4e d2 bd 73 7e d2 e3 50 4e d2 2e 56 48 d2 e8 50 4e d2 52 69 63 68 e9 50 4e d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 67 dc a0 64 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 68 00 00 00 22 02 00 00 08 00
                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1 PNPNPN*_PNPOJPN*_PNs~PN.VHPNRichPNPELgdh"
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: ff 75 14 ff d3 8d 45 a4 50 ff 75 08 ff 15 70 82 40 00 5f 5e 33 c0 5b c9 c2 10 00 8b 4c 24 04 a1 88 9a 42 00 8b d1 53 69 d2 18 08 00 00 56 57 8b 54 02 08 f6 c2 02 74 4f 8d 71 01 33 ff 3b 35 8c 9a 42 00 73 42 8b ce 69 c9 18 08 00 00 8d 44 01 08 8b 08 f6 c1 02 74 03 47 eb 1e f6 c1 04 74 09 8b cf 4f 85 c9 74 20 eb 10 f6 c1 10 75 0b 8b d9 33 da 83 e3 01 33 d9 89 18 46 05 18 08 00 00 3b 35 8c 9a 42 00 72 ca 5f 5e 5b c2 04 00 55 8b ec 51 51 8b 55 08 53 56 8b f2 69 f6 18 08 00 00 8b 1d 88 9a 42 00 33 c9 03 f3 57 89 4d fc 89 4d f8 8b 46 08 a8 02 74 0b 39 4d 0c 74 06 24 be 42 89 46 08 3b 15 8c 9a 42 00 73 44 8b c2 69 c0 18 08 00 00 8d 7c 18 08 8d 42 01 8b 0f f6 c1 02 74 0a 6a 01 52 e8 a5 ff ff ff 8b 0f f6 c1 04 75 28 f6 c1 40 74 03 ff 45 fc f6 c1 01 74 05 ff 45 fc
                                                                                                                                                                                                                Data Ascii: uEPup@_^3[L$BSiVWTtOq3;5BsBiDtGtOt u33F;5Br_^[UQQUSViB3WMMFt9Mt$BF;BsDi|BtjRu(@tEtE
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 56 e8 78 4d 00 00 6a e4 e9 25 0c 00 00 53 e8 d4 16 00 00 8b 7d f4 8b f0 8d 45 08 50 57 68 00 04 00 00 56 ff 15 e8 80 40 00 85 c0 74 24 8b 45 08 3b c6 76 27 66 39 18 74 22 56 e8 dc 52 00 00 3b c3 74 0e 83 c0 2c 50 ff 75 08 e8 6f 4f 00 00 eb 0a c7 45 fc 01 00 00 00 66 89 1f 39 5d d8 0f 85 07 15 00 00 68 00 04 00 00 57 57 ff 15 ec 80 40 00 e9 f5 14 00 00 6a ff e8 6a 16 00 00 8d 4d 08 51 57 68 00 04 00 00 53 50 53 ff 15 f0 80 40 00 85 c0 0f 85 d3 14 00 00 e9 a0 11 00 00 6a ef e8 43 16 00 00 50 57 e8 32 4a 00 00 e9 45 fe ff ff 6a 31 e8 30 16 00 00 89 45 f8 8b 45 d0 ff 75 f8 83 e0 07 89 45 08 e8 39 48 00 00 ff 75 f8 bf f8 a5 40 00 85 c0 74 08 57 e8 e1 4e 00 00 eb 17 68 00 50 43 00 57 e8 d4 4e 00 00 50 e8 9d 47 00 00 50 e8 e4 4e 00 00 57 e8 70 51 00 00 83 7d 08
                                                                                                                                                                                                                Data Ascii: VxMj%S}EPWhV@t$E;v'f9t"VR;t,PuoOEf9]hWW@jjMQWhSPS@jCPW2JEj10EEuE9Hu@tWNhPCWNPGPNWpQ}
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 40 00 ff 75 d0 8b f0 8d 46 04 50 e8 89 4a 00 00 a1 58 ce 40 00 89 06 89 35 58 ce 40 00 e9 e7 0f 00 00 6a 03 e8 3a 11 00 00 6a 04 89 55 f0 89 45 e8 e8 2d 11 00 00 f6 45 e4 01 59 89 55 f0 59 89 45 08 74 0a 6a 33 e8 3a 11 00 00 89 45 e8 f6 45 e4 02 74 0a 6a 44 e8 2a 11 00 00 89 45 08 83 7d cc 21 6a 01 75 4c e8 f8 10 00 00 6a 02 8b f0 89 55 f0 e8 ec 10 00 00 59 89 55 f0 59 8b 4d e4 c1 f9 02 74 1e 8d 55 c8 52 51 53 ff 75 08 ff 75 e8 50 56 ff 15 30 82 40 00 f7 d8 1b c0 40 89 45 fc eb 43 ff 75 08 ff 75 e8 50 56 ff 15 58 82 40 00 eb 30 e8 ce 10 00 00 6a 12 8b f0 e8 c5 10 00 00 66 8b 08 66 f7 d9 1b c9 23 c8 66 8b 06 66 f7 d8 1b c0 51 23 c6 50 ff 75 08 ff 75 e8 ff 15 34 82 40 00 89 45 c8 39 5d d0 0f 8c 1b 0f 00 00 ff 75 c8 e9 56 f8 ff ff 53 e8 67 10 00 00 59 89 55
                                                                                                                                                                                                                Data Ascii: @uFPJX@5X@j:jUE-EYUYEtj3:EEtjD*E}!juLjUYUYMtURQSuuPV0@@ECuuPVX@0jff#ffQ#Puu4@E9]uVSgYU
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 1b 00 00 85 c0 0f 84 9c 0a 00 00 ff 75 08 ff 15 1c 81 40 00 e9 8e 0a 00 00 6a f6 e9 4e 01 00 00 6a e7 e9 47 01 00 00 6a f0 e8 f5 0b 00 00 6a df 89 45 f0 e8 eb 0b 00 00 6a 02 89 45 bc e8 e1 0b 00 00 6a cd 89 45 f8 e8 d7 0b 00 00 6a 45 89 45 b4 e8 cd 0b 00 00 ff 75 bc 89 45 f4 8b 45 e0 8b c8 8b f8 8b f0 81 e1 ff 0f 00 00 c1 f8 10 c1 fe 0c 25 ff ff 00 00 89 4d b0 81 e7 00 80 00 00 83 e6 07 89 45 c0 e8 b6 3d 00 00 85 c0 75 07 6a 21 e8 8e 0b 00 00 8d 45 08 50 68 cc 84 40 00 6a 01 53 68 dc 84 40 00 ff 15 90 82 40 00 3b c3 0f 8c b1 00 00 00 8b 45 08 8d 55 c8 52 68 ec 84 40 00 8b 08 50 ff 11 3b c3 89 45 e8 0f 8c 87 00 00 00 8b 45 08 ff 75 bc 8b 08 50 ff 51 50 3b fb 89 45 e8 75 0e 8b 45 08 68 00 50 43 00 50 8b 08 ff 51 24 3b f3 74 0a 8b 45 08 56 50 8b 08 ff 51 3c
                                                                                                                                                                                                                Data Ascii: u@jNjGjjEjEjEjEEuEE%ME=uj!EPh@jSh@@;EURh@P;EEuPQP;EuEhPCPQ$;tEVPQ<
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 00 00 e9 c8 ee ff ff 6a 02 89 5d f8 58 50 89 45 b4 e8 89 06 00 00 83 f8 01 59 89 55 f0 89 45 bc 0f 8c 1f 05 00 00 b9 ff 03 00 00 3b c1 7e 03 89 4d bc 66 39 1f 0f 84 5e 01 00 00 57 89 5d c8 e8 b4 3e 00 00 39 5d bc 89 45 e8 0f 8e 49 01 00 00 8b 35 2c 81 40 00 83 7d cc 39 0f 85 8f 00 00 00 8d 45 c0 53 50 6a 02 58 2b 45 dc 50 8d 45 0a 50 ff 75 e8 ff 15 30 81 40 00 85 c0 0f 84 18 01 00 00 8b 4d c0 3b cb 0f 84 0d 01 00 00 66 0f b6 45 0a 39 5d dc 89 4d b4 89 45 b0 0f 85 b5 00 00 00 8d 45 b0 6a 01 50 8d 45 0a 51 50 6a 08 53 ff d6 85 c0 75 68 8b 7d b4 f7 df ff 4d c0 b8 fd ff 00 00 89 45 b0 74 59 ff 4d b4 47 6a 01 53 57 ff 75 e8 ff 15 34 81 40 00 8d 45 b0 6a 01 50 8d 45 0a ff 75 c0 50 6a 08 53 ff d6 85 c0 74 cc eb 2d 39 5d dc 75 16 39 5d f8 75 11 53 ff 75 e8 e8 67
                                                                                                                                                                                                                Data Ascii: j]XPEYUE;~Mf9^W]>9]EI5,@}9ESPjX+EPEPu0@M;fE9]MEEjPEQPjSuh}MEtYMGjSWu4@EjPEuPjSt-9]u9]uSug
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 00 b8 14 40 00 cb 14 40 00 d7 14 40 00 f5 14 40 00 78 15 40 00 a8 15 40 00 c6 15 40 00 6f 16 40 00 03 15 40 00 47 15 40 00 68 15 40 00 80 16 40 00 d1 16 40 00 3a 17 40 00 61 17 40 00 74 17 40 00 11 19 40 00 14 19 40 00 46 19 40 00 5b 19 40 00 6d 19 40 00 04 1a 40 00 35 1a 40 00 77 1a 40 00 b7 1a 40 00 7c 1b 40 00 a0 1b 40 00 48 1c 40 00 48 1c 40 00 1c 1d 40 00 3d 1d 40 00 62 1d 40 00 86 1d 40 00 53 1e 40 00 e3 1e 40 00 17 1f 40 00 a9 1f 40 00 fb 1f 40 00 2f 20 40 00 dc 20 40 00 af 21 40 00 04 23 40 00 88 23 40 00 b7 23 40 00 f9 23 40 00 39 24 40 00 8f 24 40 00 2f 25 40 00 a3 25 40 00 0d 26 40 00 21 26 40 00 43 26 40 00 f1 26 40 00 94 28 40 00 c9 28 40 00 e3 28 40 00 10 29 40 00 55 29 40 00 60 2a 40 00 f0 2a 40 00 5e 2b 40 00 2f 2c 40 00 0a 2c 40 00 43 26
                                                                                                                                                                                                                Data Ascii: @@@@x@@@o@@G@h@@@:@a@t@@@F@[@m@@5@w@@|@@H@H@@=@b@@S@@@@@/ @ @!@#@#@#@#@9$@$@/%@%@&@!&@C&@&@(@(@(@)@U)@`*@*@^+@/,@,@C&
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: ff 75 72 81 7d e0 ef be ad de 75 69 81 7d ec 49 6e 73 74 75 60 81 7d e8 73 6f 66 74 75 57 81 7d e4 4e 75 6c 6c 75 4e 09 45 08 8b 45 08 8b 0d f0 0e 42 00 83 e0 02 09 05 00 9b 42 00 8b 45 f4 3b c6 89 0d 74 9a 42 00 0f 87 2c 01 00 00 f6 45 08 08 75 06 f6 45 08 04 75 3f ff 45 f8 8d 70 fc 3b fe 76 12 8b fe eb 0e f6 45 08 02 75 08 6a 00 e8 11 fe ff ff 59 3b 35 00 0f 42 00 73 0d 57 53 ff 75 fc e8 2e 39 00 00 89 45 fc 01 3d f0 0e 42 00 2b f7 0f 85 22 ff ff ff 33 db 6a 01 e8 e4 fd ff ff 39 1d 74 9a 42 00 59 0f 84 cb 00 00 00 39 5d f8 74 2a ff 35 f0 0e 42 00 e8 91 03 00 00 8d 45 08 6a 04 50 e8 70 03 00 00 85 c0 0f 84 a8 00 00 00 8b 45 fc 3b 45 08 0f 85 9c 00 00 00 ff 75 f0 6a 40 ff 15 10 81 40 00 b9 68 ce 40 00 8b f0 e8 2f 39 00 00 8d 85 d4 fd ff ff 68 00 68 43 00
                                                                                                                                                                                                                Data Ascii: ur}ui}Instu`}softuW}NulluNEEBBE;tB,EuEu?Ep;vEujY;5BsWSu.9E=B+"3j9tBY9]t*5BEjPpE;Euj@@h@/9hhC
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 0b c1 a3 1c 9b 42 00 66 81 3d 1e 9b 42 00 00 06 74 11 55 e8 4e 33 00 00 3b c5 74 07 68 00 0c 00 00 ff d0 be a8 82 40 00 56 e8 c8 32 00 00 56 ff 15 28 81 40 00 8d 74 06 01 80 3e 00 75 ea 6a 0c e8 21 33 00 00 6a 0a e8 1a 33 00 00 6a 08 a3 64 9a 42 00 e8 0e 33 00 00 3b c5 74 0f 6a 1e ff d0 85 c0 74 07 80 0d 1c 9b 42 00 80 53 ff 15 38 80 40 00 55 ff 15 98 82 40 00 a3 20 9b 42 00 55 8d 84 24 58 01 00 00 68 b4 02 00 00 50 55 68 08 0f 42 00 ff 15 7c 81 40 00 68 78 a3 40 00 68 60 8a 42 00 e8 cb 2e 00 00 ff 15 a8 80 40 00 bb 00 40 43 00 50 53 e8 b9 2e 00 00 6a 22 c7 05 60 9a 42 00 00 00 40 00 5e 8b c3 66 39 35 00 40 43 00 75 07 8b fe b8 02 40 43 00 57 50 e8 8f 27 00 00 50 ff 15 08 82 40 00 8b c8 89 4c 24 1c e9 f6 00 00 00 6a 20 5a 66 3b c2 75 07 41 41 66 39 11 74
                                                                                                                                                                                                                Data Ascii: Bf=BtUN3;th@V2V(@t>uj!3j3jdB3;tjtBS8@U@ BU$XhPUhB|@hx@h`B.@@CPS.j"`B@^f95@Cu@CWP'P@L$j Zf;uAAf9t
                                                                                                                                                                                                                2024-10-11 18:35:08 UTC1378INData Raw: 0a 50 ff d6 83 0d 18 a0 40 00 ff a1 1c a0 40 00 83 f8 ff 74 0a 50 ff d6 83 0d 1c a0 40 00 ff e8 29 00 00 00 6a 07 68 00 70 43 00 e8 ec 20 00 00 5e c3 56 8b 35 0c 0f 42 00 eb 0a ff 74 24 08 ff 56 04 8b 36 59 85 f6 75 f2 5e c2 04 00 56 8b 35 0c 0f 42 00 6a 00 e8 d7 ff ff ff 85 f6 74 1a 57 8b fe 8b 36 ff 77 08 ff 15 1c 81 40 00 57 ff 15 0c 81 40 00 85 f6 75 e8 5f 83 25 0c 0f 42 00 00 5e c3 a1 0c 0f 42 00 eb 0b 8b 48 08 3b 4c 24 04 74 0a 8b 00 85 c0 75 f1 40 c2 04 00 33 c0 eb f9 56 8b 74 24 08 56 e8 d7 ff ff ff 85 c0 75 03 40 eb 2c 6a 0c 6a 40 ff 15 10 81 40 00 85 c0 74 1b 8b 4c 24 0c 89 70 08 89 48 04 8b 0d 0c 0f 42 00 89 08 a3 0c 0f 42 00 33 c0 eb 03 83 c8 ff 5e c2 08 00 83 ec 10 53 55 56 8b 35 70 9a 42 00 57 6a 02 e8 0e 2d 00 00 33 ff 3b c7 74 12 ff d0 0f
                                                                                                                                                                                                                Data Ascii: P@@tP@)jhpC ^V5Bt$V6Yu^V5BjtW6w@W@u_%B^BH;L$tu@3Vt$Vu@,jj@@tL$pHBB3^SUV5pBWj-3;t


                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:14:34:29
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                File size:4'854'296 bytes
                                                                                                                                                                                                                MD5 hash:D401161AFB56B8647202E031CEC1AE78
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                Start time:14:34:54
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                File size:20'992 bytes
                                                                                                                                                                                                                MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                Start time:14:34:54
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline: /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
                                                                                                                                                                                                                Imagebase:0x7ff645c50000
                                                                                                                                                                                                                File size:25'088 bytes
                                                                                                                                                                                                                MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                Start time:14:34:59
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
                                                                                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                Start time:14:35:00
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                Start time:14:35:00
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Notepad++\notepad++.exe"
                                                                                                                                                                                                                Imagebase:0x7ff6e9840000
                                                                                                                                                                                                                File size:7'263'064 bytes
                                                                                                                                                                                                                MD5 hash:013DD1C256A30CC3926B828CCE0EBCC9
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                Start time:14:35:00
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Program Files\Notepad++\updater\GUP.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64
                                                                                                                                                                                                                Imagebase:0x7ff73e4c0000
                                                                                                                                                                                                                File size:808'792 bytes
                                                                                                                                                                                                                MD5 hash:7744ED6FAC4775706938298F9CB5BA0D
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                Start time:14:35:01
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
                                                                                                                                                                                                                Imagebase:0x7ff6e9840000
                                                                                                                                                                                                                File size:7'263'064 bytes
                                                                                                                                                                                                                MD5 hash:013DD1C256A30CC3926B828CCE0EBCC9
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                Start time:14:35:15
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe"
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                File size:6'637'056 bytes
                                                                                                                                                                                                                MD5 hash:AA25B8D9BF2D7095F76D0BA6568785B1
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                Start time:14:35:16
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\npp.8.7.Installer.x64.exe"
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                File size:6'637'056 bytes
                                                                                                                                                                                                                MD5 hash:AA25B8D9BF2D7095F76D0BA6568785B1
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                Start time:14:35:17
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 6976 -s 1252
                                                                                                                                                                                                                Imagebase:0x7ff735fe0000
                                                                                                                                                                                                                File size:570'736 bytes
                                                                                                                                                                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                Start time:14:35:39
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
                                                                                                                                                                                                                Imagebase:0x730000
                                                                                                                                                                                                                File size:61'440 bytes
                                                                                                                                                                                                                MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                Start time:14:35:39
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:rundll32.exe "C:\Program Files\Notepad++\contextmenu\NppShell.dll",CleanupDll
                                                                                                                                                                                                                Imagebase:0x7ff7f4fb0000
                                                                                                                                                                                                                File size:71'680 bytes
                                                                                                                                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                                Start time:14:35:40
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                File size:20'992 bytes
                                                                                                                                                                                                                MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                Start time:14:35:40
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline: /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
                                                                                                                                                                                                                Imagebase:0x7ff645c50000
                                                                                                                                                                                                                File size:25'088 bytes
                                                                                                                                                                                                                MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:26
                                                                                                                                                                                                                Start time:14:35:46
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
                                                                                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                                Start time:14:35:46
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                                                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                Start time:14:35:46
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Notepad++\notepad++.exe"
                                                                                                                                                                                                                Imagebase:0x7ff6e57e0000
                                                                                                                                                                                                                File size:8'487'768 bytes
                                                                                                                                                                                                                MD5 hash:47F3922D5A017C971D39814E512EB57A
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                                Start time:14:35:47
                                                                                                                                                                                                                Start date:11/10/2024
                                                                                                                                                                                                                Path:C:\Program Files\Notepad++\notepad++.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
                                                                                                                                                                                                                Imagebase:0x7ff6e57e0000
                                                                                                                                                                                                                File size:8'487'768 bytes
                                                                                                                                                                                                                MD5 hash:47F3922D5A017C971D39814E512EB57A
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:34.2%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:16.7%
                                                                                                                                                                                                                  Total number of Nodes:1402
                                                                                                                                                                                                                  Total number of Limit Nodes:51
                                                                                                                                                                                                                  execution_graph 3237 4047c0 3238 4047d8 3237->3238 3244 4048f2 3237->3244 3268 404601 3238->3268 3239 40495c 3240 404a26 3239->3240 3241 404966 GetDlgItem 3239->3241 3280 404668 3240->3280 3242 404980 3241->3242 3243 4049e7 3241->3243 3242->3243 3250 4049a6 SendMessageW LoadCursorW SetCursor 3242->3250 3243->3240 3251 4049f9 3243->3251 3244->3239 3244->3240 3248 40492d GetDlgItem SendMessageW 3244->3248 3246 40483f 3249 404601 22 API calls 3246->3249 3273 404623 KiUserCallbackDispatcher 3248->3273 3253 40484c CheckDlgButton 3249->3253 3277 404a6f 3250->3277 3255 404a0f 3251->3255 3256 4049ff SendMessageW 3251->3256 3271 404623 KiUserCallbackDispatcher 3253->3271 3261 404a21 3255->3261 3262 404a15 SendMessageW 3255->3262 3256->3255 3257 404957 3274 404a4b 3257->3274 3262->3261 3263 40486a GetDlgItem 3272 404636 SendMessageW 3263->3272 3265 404880 SendMessageW 3266 4048a6 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 3265->3266 3267 40489d GetSysColor 3265->3267 3266->3261 3267->3266 3294 4066bf 3268->3294 3271->3263 3272->3265 3273->3257 3275 404a59 3274->3275 3276 404a5e SendMessageW 3274->3276 3275->3276 3276->3239 3345 405ca8 ShellExecuteExW 3277->3345 3279 4049d5 LoadCursorW SetCursor 3279->3243 3281 40472b 3280->3281 3282 404680 GetWindowLongW 3280->3282 3281->3261 3282->3281 3283 404695 3282->3283 3283->3281 3284 4046c2 GetSysColor 3283->3284 3285 4046c5 3283->3285 3284->3285 3286 4046d5 SetBkMode 3285->3286 3287 4046cb SetTextColor 3285->3287 3288 4046f3 3286->3288 3289 4046ed GetSysColor 3286->3289 3287->3286 3290 4046fa SetBkColor 3288->3290 3291 404704 3288->3291 3289->3288 3290->3291 3291->3281 3292 404717 DeleteObject 3291->3292 3293 40471e CreateBrushIndirect 3291->3293 3292->3293 3293->3281 3298 4066ca 3294->3298 3295 406911 3296 40460c SetDlgItemTextW 3295->3296 3333 406682 lstrcpynW 3295->3333 3296->3246 3298->3295 3299 4068e2 lstrlenW 3298->3299 3303 4067db GetSystemDirectoryW 3298->3303 3304 4066bf 15 API calls 3298->3304 3305 4067f1 GetWindowsDirectoryW 3298->3305 3307 4066bf 15 API calls 3298->3307 3308 406883 lstrcatW 3298->3308 3310 406853 SHGetPathFromIDListW CoTaskMemFree 3298->3310 3311 406550 3298->3311 3316 406a76 GetModuleHandleA 3298->3316 3322 406930 3298->3322 3331 4065c9 wsprintfW 3298->3331 3332 406682 lstrcpynW 3298->3332 3299->3298 3303->3298 3304->3299 3305->3298 3307->3298 3308->3298 3310->3298 3334 4064ef 3311->3334 3314 406584 RegQueryValueExW RegCloseKey 3315 4065b4 3314->3315 3315->3298 3317 406a92 3316->3317 3318 406a9c GetProcAddress 3316->3318 3338 406a06 GetSystemDirectoryW 3317->3338 3319 406aab 3318->3319 3319->3298 3321 406a98 3321->3318 3321->3319 3323 40693d 3322->3323 3325 4069b3 3323->3325 3326 4069a6 CharNextW 3323->3326 3329 406992 CharNextW 3323->3329 3330 4069a1 CharNextW 3323->3330 3341 405f7e 3323->3341 3324 4069b8 CharPrevW 3324->3325 3325->3324 3327 4069d9 3325->3327 3326->3323 3326->3325 3327->3298 3329->3323 3330->3326 3331->3298 3332->3298 3333->3296 3335 4064fe 3334->3335 3336 406502 3335->3336 3337 406507 RegOpenKeyExW 3335->3337 3336->3314 3336->3315 3337->3336 3339 406a28 wsprintfW LoadLibraryExW 3338->3339 3339->3321 3342 405f84 3341->3342 3343 405f9a 3342->3343 3344 405f8b CharNextW 3342->3344 3343->3323 3344->3342 3345->3279 4445 402643 4446 402672 4445->4446 4447 402657 4445->4447 4449 4026a2 4446->4449 4450 402677 4446->4450 4448 402d89 21 API calls 4447->4448 4458 40265e 4448->4458 4452 402dab 21 API calls 4449->4452 4451 402dab 21 API calls 4450->4451 4454 40267e 4451->4454 4453 4026a9 lstrlenW 4452->4453 4453->4458 4462 4066a4 WideCharToMultiByte 4454->4462 4456 402692 lstrlenA 4456->4458 4457 4026ec 4458->4457 4461 4026d6 4458->4461 4463 406253 SetFilePointer 4458->4463 4459 406224 WriteFile 4459->4457 4461->4457 4461->4459 4462->4456 4464 40626f 4463->4464 4471 406287 4463->4471 4465 4061f5 ReadFile 4464->4465 4466 40627b 4465->4466 4467 406290 SetFilePointer 4466->4467 4468 4062b8 SetFilePointer 4466->4468 4466->4471 4467->4468 4469 40629b 4467->4469 4468->4471 4470 406224 WriteFile 4469->4470 4470->4471 4471->4461 3436 403645 SetErrorMode GetVersionExW 3437 4036d1 3436->3437 3438 403699 GetVersionExW 3436->3438 3439 403728 3437->3439 3440 406a76 5 API calls 3437->3440 3438->3437 3441 406a06 3 API calls 3439->3441 3440->3439 3442 40373e lstrlenA 3441->3442 3442->3439 3443 40374e 3442->3443 3444 406a76 5 API calls 3443->3444 3445 403755 3444->3445 3446 406a76 5 API calls 3445->3446 3447 40375c 3446->3447 3448 406a76 5 API calls 3447->3448 3449 403768 #17 OleInitialize SHGetFileInfoW 3448->3449 3524 406682 lstrcpynW 3449->3524 3452 4037b7 GetCommandLineW 3525 406682 lstrcpynW 3452->3525 3454 4037c9 3455 405f7e CharNextW 3454->3455 3456 4037ef CharNextW 3455->3456 3466 403801 3456->3466 3457 403903 3458 403917 GetTempPathW 3457->3458 3526 403614 3458->3526 3460 40392f 3462 403933 GetWindowsDirectoryW lstrcatW 3460->3462 3463 403989 DeleteFileW 3460->3463 3461 405f7e CharNextW 3461->3466 3464 403614 12 API calls 3462->3464 3536 4030d5 GetTickCount GetModuleFileNameW 3463->3536 3467 40394f 3464->3467 3466->3457 3466->3461 3470 403905 3466->3470 3467->3463 3469 403953 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3467->3469 3468 40399d 3471 403b90 ExitProcess CoUninitialize 3468->3471 3478 405f7e CharNextW 3468->3478 3507 403a44 3468->3507 3472 403614 12 API calls 3469->3472 3622 406682 lstrcpynW 3470->3622 3473 403ba2 3471->3473 3474 403bc6 3471->3474 3476 403981 3472->3476 3696 405ce2 3473->3696 3479 403c4a ExitProcess 3474->3479 3480 403bce GetCurrentProcess OpenProcessToken 3474->3480 3476->3463 3476->3471 3484 4039bc 3478->3484 3485 403be6 LookupPrivilegeValueW AdjustTokenPrivileges 3480->3485 3486 403c1a 3480->3486 3489 403a1a 3484->3489 3490 403a5d 3484->3490 3485->3486 3488 406a76 5 API calls 3486->3488 3487 403a54 3487->3471 3492 403c21 3488->3492 3623 406059 3489->3623 3639 405c4d 3490->3639 3491 403c36 ExitWindowsEx 3491->3479 3495 403c43 3491->3495 3492->3491 3492->3495 3499 40140b 2 API calls 3495->3499 3499->3479 3500 403a7c 3502 403a94 3500->3502 3643 406682 lstrcpynW 3500->3643 3506 403aba wsprintfW 3502->3506 3521 403ae6 3502->3521 3503 403a39 3638 406682 lstrcpynW 3503->3638 3508 4066bf 21 API calls 3506->3508 3566 403d54 3507->3566 3508->3502 3511 403b30 SetCurrentDirectoryW 3686 406442 MoveFileExW 3511->3686 3512 403af6 GetFileAttributesW 3513 403b02 DeleteFileW 3512->3513 3512->3521 3513->3521 3515 403b2e 3515->3471 3518 406442 40 API calls 3518->3521 3519 4066bf 21 API calls 3519->3521 3521->3502 3521->3506 3521->3511 3521->3512 3521->3515 3521->3518 3521->3519 3522 403bb8 CloseHandle 3521->3522 3644 405bd6 CreateDirectoryW 3521->3644 3647 405c30 CreateDirectoryW 3521->3647 3650 405d8e 3521->3650 3690 405c65 CreateProcessW 3521->3690 3693 4069df FindFirstFileW 3521->3693 3522->3515 3524->3452 3525->3454 3527 406930 5 API calls 3526->3527 3529 403620 3527->3529 3528 40362a 3528->3460 3529->3528 3700 405f51 lstrlenW CharPrevW 3529->3700 3532 405c30 2 API calls 3533 403638 3532->3533 3703 4061a1 3533->3703 3707 406172 GetFileAttributesW CreateFileW 3536->3707 3538 403118 3565 403125 3538->3565 3708 406682 lstrcpynW 3538->3708 3540 40313b 3709 405f9d lstrlenW 3540->3709 3544 40314c GetFileSize 3545 403246 3544->3545 3557 403163 3544->3557 3714 403033 3545->3714 3549 40328b GlobalAlloc 3552 4032a2 3549->3552 3551 4032e3 3553 403033 36 API calls 3551->3553 3555 4061a1 2 API calls 3552->3555 3553->3565 3554 40326c 3556 4035e7 ReadFile 3554->3556 3558 4032b3 CreateFileW 3555->3558 3559 403277 3556->3559 3557->3545 3557->3551 3560 403033 36 API calls 3557->3560 3557->3565 3745 4035e7 3557->3745 3561 4032ed 3558->3561 3558->3565 3559->3549 3559->3565 3560->3557 3729 4035fd SetFilePointer 3561->3729 3563 4032fb 3730 403376 3563->3730 3565->3468 3567 406a76 5 API calls 3566->3567 3568 403d68 3567->3568 3569 403d80 3568->3569 3570 403d6e 3568->3570 3571 406550 3 API calls 3569->3571 3807 4065c9 wsprintfW 3570->3807 3572 403db0 3571->3572 3574 403dcf lstrcatW 3572->3574 3576 406550 3 API calls 3572->3576 3575 403d7e 3574->3575 3792 40402a 3575->3792 3576->3574 3579 406059 18 API calls 3580 403e01 3579->3580 3581 403e95 3580->3581 3583 406550 3 API calls 3580->3583 3582 406059 18 API calls 3581->3582 3584 403e9b 3582->3584 3585 403e33 3583->3585 3586 403eab LoadImageW 3584->3586 3587 4066bf 21 API calls 3584->3587 3585->3581 3590 403e54 lstrlenW 3585->3590 3593 405f7e CharNextW 3585->3593 3588 403f51 3586->3588 3589 403ed2 RegisterClassW 3586->3589 3587->3586 3592 40140b 2 API calls 3588->3592 3591 403f08 SystemParametersInfoW CreateWindowExW 3589->3591 3621 403f5b 3589->3621 3594 403e62 lstrcmpiW 3590->3594 3595 403e88 3590->3595 3591->3588 3596 403f57 3592->3596 3598 403e51 3593->3598 3594->3595 3599 403e72 GetFileAttributesW 3594->3599 3597 405f51 3 API calls 3595->3597 3600 40402a 22 API calls 3596->3600 3596->3621 3601 403e8e 3597->3601 3598->3590 3602 403e7e 3599->3602 3603 403f68 3600->3603 3808 406682 lstrcpynW 3601->3808 3602->3595 3605 405f9d 2 API calls 3602->3605 3606 403f74 ShowWindow 3603->3606 3607 403ff7 3603->3607 3605->3595 3608 406a06 3 API calls 3606->3608 3800 4057da OleInitialize 3607->3800 3611 403f8c 3608->3611 3610 403ffd 3612 404001 3610->3612 3613 404019 3610->3613 3614 403f9a GetClassInfoW 3611->3614 3616 406a06 3 API calls 3611->3616 3619 40140b 2 API calls 3612->3619 3612->3621 3615 40140b 2 API calls 3613->3615 3617 403fc4 DialogBoxParamW 3614->3617 3618 403fae GetClassInfoW RegisterClassW 3614->3618 3615->3621 3616->3614 3620 40140b 2 API calls 3617->3620 3618->3617 3619->3621 3620->3621 3621->3487 3622->3458 3810 406682 lstrcpynW 3623->3810 3625 40606a 3811 405ffc CharNextW CharNextW 3625->3811 3628 403a26 3628->3471 3637 406682 lstrcpynW 3628->3637 3629 406930 5 API calls 3632 406080 3629->3632 3630 4060b1 lstrlenW 3631 4060bc 3630->3631 3630->3632 3633 405f51 3 API calls 3631->3633 3632->3628 3632->3630 3634 4069df 2 API calls 3632->3634 3636 405f9d 2 API calls 3632->3636 3635 4060c1 GetFileAttributesW 3633->3635 3634->3632 3635->3628 3636->3630 3637->3503 3638->3507 3640 406a76 5 API calls 3639->3640 3641 403a62 lstrlenW 3640->3641 3642 406682 lstrcpynW 3641->3642 3642->3500 3643->3502 3645 405c22 3644->3645 3646 405c26 GetLastError 3644->3646 3645->3521 3646->3645 3648 405c40 3647->3648 3649 405c44 GetLastError 3647->3649 3648->3521 3649->3648 3651 406059 18 API calls 3650->3651 3652 405dae 3651->3652 3653 405db6 DeleteFileW 3652->3653 3654 405dcd 3652->3654 3683 405f04 3653->3683 3655 405eed 3654->3655 3817 406682 lstrcpynW 3654->3817 3662 4069df 2 API calls 3655->3662 3655->3683 3657 405df3 3658 405e06 3657->3658 3659 405df9 lstrcatW 3657->3659 3661 405f9d 2 API calls 3658->3661 3660 405e0c 3659->3660 3663 405e1c lstrcatW 3660->3663 3665 405e27 lstrlenW FindFirstFileW 3660->3665 3661->3660 3664 405f12 3662->3664 3663->3665 3666 405f51 3 API calls 3664->3666 3664->3683 3665->3655 3668 405e49 3665->3668 3667 405f1c 3666->3667 3669 405d46 5 API calls 3667->3669 3671 405ed0 FindNextFileW 3668->3671 3679 405d8e 64 API calls 3668->3679 3681 405707 28 API calls 3668->3681 3684 405707 28 API calls 3668->3684 3685 406442 40 API calls 3668->3685 3818 406682 lstrcpynW 3668->3818 3819 405d46 3668->3819 3672 405f28 3669->3672 3671->3668 3673 405ee6 FindClose 3671->3673 3674 405f42 3672->3674 3675 405f2c 3672->3675 3673->3655 3677 405707 28 API calls 3674->3677 3678 405707 28 API calls 3675->3678 3675->3683 3677->3683 3680 405f39 3678->3680 3679->3668 3682 406442 40 API calls 3680->3682 3681->3671 3682->3683 3683->3521 3684->3668 3685->3668 3687 403b3f CopyFileW 3686->3687 3688 406456 3686->3688 3687->3515 3687->3521 3830 4062c8 3688->3830 3691 405ca4 3690->3691 3692 405c98 CloseHandle 3690->3692 3691->3521 3692->3691 3694 4069f5 FindClose 3693->3694 3695 406a00 3693->3695 3694->3695 3695->3521 3697 405cf7 3696->3697 3698 403bb0 ExitProcess 3697->3698 3699 405d0b MessageBoxIndirectW 3697->3699 3699->3698 3701 403632 3700->3701 3702 405f6d lstrcatW 3700->3702 3701->3532 3702->3701 3704 4061ae GetTickCount GetTempFileNameW 3703->3704 3705 403643 3704->3705 3706 4061e4 3704->3706 3705->3460 3706->3704 3706->3705 3707->3538 3708->3540 3710 405fab 3709->3710 3711 405fb1 CharPrevW 3710->3711 3712 403141 3710->3712 3711->3710 3711->3712 3713 406682 lstrcpynW 3712->3713 3713->3544 3715 403044 3714->3715 3716 40305c 3714->3716 3717 40304d DestroyWindow 3715->3717 3720 403054 3715->3720 3718 403064 3716->3718 3719 40306c GetTickCount 3716->3719 3717->3720 3749 406ab2 3718->3749 3719->3720 3722 40307a 3719->3722 3720->3549 3720->3565 3748 4035fd SetFilePointer 3720->3748 3723 403082 3722->3723 3724 4030af CreateDialogParamW ShowWindow 3722->3724 3723->3720 3753 403017 3723->3753 3724->3720 3726 403090 wsprintfW 3756 405707 3726->3756 3729->3563 3731 4033a1 3730->3731 3732 403385 SetFilePointer 3730->3732 3767 40347e GetTickCount 3731->3767 3732->3731 3735 40343e 3735->3565 3738 40347e 46 API calls 3739 4033d8 3738->3739 3739->3735 3740 403444 ReadFile 3739->3740 3742 4033e7 3739->3742 3740->3735 3742->3735 3743 4061f5 ReadFile 3742->3743 3782 406224 WriteFile 3742->3782 3743->3742 3746 4061f5 ReadFile 3745->3746 3747 4035fa 3746->3747 3747->3557 3748->3554 3750 406acf PeekMessageW 3749->3750 3751 406ac5 DispatchMessageW 3750->3751 3752 406adf 3750->3752 3751->3750 3752->3720 3754 403026 3753->3754 3755 403028 MulDiv 3753->3755 3754->3755 3755->3726 3757 405722 3756->3757 3766 4030ad 3756->3766 3758 40573e lstrlenW 3757->3758 3759 4066bf 21 API calls 3757->3759 3760 405767 3758->3760 3761 40574c lstrlenW 3758->3761 3759->3758 3763 40577a 3760->3763 3764 40576d SetWindowTextW 3760->3764 3762 40575e lstrcatW 3761->3762 3761->3766 3762->3760 3765 405780 SendMessageW SendMessageW SendMessageW 3763->3765 3763->3766 3764->3763 3765->3766 3766->3720 3768 4035d6 3767->3768 3769 4034ac 3767->3769 3770 403033 36 API calls 3768->3770 3784 4035fd SetFilePointer 3769->3784 3772 4033a8 3770->3772 3772->3735 3780 4061f5 ReadFile 3772->3780 3773 4034b7 SetFilePointer 3775 4034dc 3773->3775 3774 4035e7 ReadFile 3774->3775 3775->3772 3775->3774 3777 403033 36 API calls 3775->3777 3778 406224 WriteFile 3775->3778 3779 4035b7 SetFilePointer 3775->3779 3785 406bf1 3775->3785 3777->3775 3778->3775 3779->3768 3781 4033c1 3780->3781 3781->3735 3781->3738 3783 406242 3782->3783 3783->3742 3784->3773 3786 406c16 3785->3786 3789 406c1e 3785->3789 3786->3775 3787 406ca5 GlobalFree 3788 406cae GlobalAlloc 3787->3788 3788->3786 3788->3789 3789->3786 3789->3787 3789->3788 3790 406d25 GlobalAlloc 3789->3790 3791 406d1c GlobalFree 3789->3791 3790->3786 3790->3789 3791->3790 3793 40403e 3792->3793 3809 4065c9 wsprintfW 3793->3809 3795 4040af 3796 4040e3 22 API calls 3795->3796 3798 4040b4 3796->3798 3797 403ddf 3797->3579 3798->3797 3799 4066bf 21 API calls 3798->3799 3799->3798 3801 40464d SendMessageW 3800->3801 3803 4057fd 3801->3803 3802 405824 3804 40464d SendMessageW 3802->3804 3803->3802 3806 401389 2 API calls 3803->3806 3805 405836 CoUninitialize 3804->3805 3805->3610 3806->3803 3807->3575 3808->3581 3809->3795 3810->3625 3812 406019 3811->3812 3815 40602b 3811->3815 3814 406026 CharNextW 3812->3814 3812->3815 3813 40604f 3813->3628 3813->3629 3814->3813 3815->3813 3816 405f7e CharNextW 3815->3816 3816->3815 3817->3657 3818->3668 3827 40614d GetFileAttributesW 3819->3827 3822 405d73 3822->3668 3823 405d61 RemoveDirectoryW 3825 405d6f 3823->3825 3824 405d69 DeleteFileW 3824->3825 3825->3822 3826 405d7f SetFileAttributesW 3825->3826 3826->3822 3828 405d52 3827->3828 3829 40615f SetFileAttributesW 3827->3829 3828->3822 3828->3823 3828->3824 3829->3828 3831 4062f8 3830->3831 3832 40631e GetShortPathNameW 3830->3832 3857 406172 GetFileAttributesW CreateFileW 3831->3857 3834 406333 3832->3834 3835 40643d 3832->3835 3834->3835 3837 40633b wsprintfA 3834->3837 3835->3687 3836 406302 CloseHandle GetShortPathNameW 3836->3835 3838 406316 3836->3838 3839 4066bf 21 API calls 3837->3839 3838->3832 3838->3835 3840 406363 3839->3840 3858 406172 GetFileAttributesW CreateFileW 3840->3858 3842 406370 3842->3835 3843 40637f GetFileSize GlobalAlloc 3842->3843 3844 4063a1 3843->3844 3845 406436 CloseHandle 3843->3845 3846 4061f5 ReadFile 3844->3846 3845->3835 3847 4063a9 3846->3847 3847->3845 3859 4060d7 lstrlenA 3847->3859 3850 4063c0 lstrcpyA 3853 4063e2 3850->3853 3851 4063d4 3852 4060d7 4 API calls 3851->3852 3852->3853 3854 406419 SetFilePointer 3853->3854 3855 406224 WriteFile 3854->3855 3856 40642f GlobalFree 3855->3856 3856->3845 3857->3836 3858->3842 3860 406118 lstrlenA 3859->3860 3861 406120 3860->3861 3862 4060f1 lstrcmpiA 3860->3862 3861->3850 3861->3851 3862->3861 3863 40610f CharNextA 3862->3863 3863->3860 3864 405846 3865 4059f0 3864->3865 3866 405867 GetDlgItem GetDlgItem GetDlgItem 3864->3866 3868 405a21 3865->3868 3869 4059f9 GetDlgItem CreateThread CloseHandle 3865->3869 3909 404636 SendMessageW 3866->3909 3871 405a4c 3868->3871 3872 405a71 3868->3872 3873 405a38 ShowWindow ShowWindow 3868->3873 3869->3868 3912 4057da 5 API calls 3869->3912 3870 4058d7 3878 4058de GetClientRect GetSystemMetrics SendMessageW SendMessageW 3870->3878 3874 405aac 3871->3874 3875 405a60 3871->3875 3876 405a86 ShowWindow 3871->3876 3877 404668 8 API calls 3872->3877 3911 404636 SendMessageW 3873->3911 3874->3872 3885 405aba SendMessageW 3874->3885 3880 4045da SendMessageW 3875->3880 3881 405aa6 3876->3881 3882 405a98 3876->3882 3891 405a7f 3877->3891 3883 405930 SendMessageW SendMessageW 3878->3883 3884 40594c 3878->3884 3880->3872 3887 4045da SendMessageW 3881->3887 3886 405707 28 API calls 3882->3886 3883->3884 3888 405951 SendMessageW 3884->3888 3889 40595f 3884->3889 3890 405ad3 CreatePopupMenu 3885->3890 3885->3891 3886->3881 3887->3874 3888->3889 3893 404601 22 API calls 3889->3893 3892 4066bf 21 API calls 3890->3892 3895 405ae3 AppendMenuW 3892->3895 3894 40596f 3893->3894 3898 405978 ShowWindow 3894->3898 3899 4059ac GetDlgItem SendMessageW 3894->3899 3896 405b00 GetWindowRect 3895->3896 3897 405b13 TrackPopupMenu 3895->3897 3896->3897 3897->3891 3900 405b2e 3897->3900 3901 40599b 3898->3901 3902 40598e ShowWindow 3898->3902 3899->3891 3903 4059d3 SendMessageW SendMessageW 3899->3903 3904 405b4a SendMessageW 3900->3904 3910 404636 SendMessageW 3901->3910 3902->3901 3903->3891 3904->3904 3905 405b67 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3904->3905 3907 405b8c SendMessageW 3905->3907 3907->3907 3908 405bb5 GlobalUnlock SetClipboardData CloseClipboard 3907->3908 3908->3891 3909->3870 3910->3899 3911->3871 3913 401946 3914 401948 3913->3914 3919 402dab 3914->3919 3917 405d8e 71 API calls 3918 401956 3917->3918 3920 402db7 3919->3920 3921 4066bf 21 API calls 3920->3921 3922 402dd8 3921->3922 3923 40194d 3922->3923 3924 406930 5 API calls 3922->3924 3923->3917 3924->3923 3925 4015c6 3926 402dab 21 API calls 3925->3926 3927 4015cd 3926->3927 3928 405ffc 4 API calls 3927->3928 3929 4015d6 3928->3929 3930 401636 3929->3930 3931 405f7e CharNextW 3929->3931 3937 405c30 2 API calls 3929->3937 3940 405c4d 5 API calls 3929->3940 3942 40161c GetFileAttributesW 3929->3942 3943 405bd6 2 API calls 3929->3943 3932 401668 3930->3932 3933 40163b 3930->3933 3931->3929 3935 401423 28 API calls 3932->3935 3944 401423 3933->3944 3941 401660 3935->3941 3937->3929 3939 40164f SetCurrentDirectoryW 3939->3941 3940->3929 3942->3929 3943->3929 3945 405707 28 API calls 3944->3945 3946 401431 3945->3946 3947 406682 lstrcpynW 3946->3947 3947->3939 3962 401c48 3963 402d89 21 API calls 3962->3963 3964 401c4f 3963->3964 3965 402d89 21 API calls 3964->3965 3966 401c5c 3965->3966 3967 401c71 3966->3967 3968 402dab 21 API calls 3966->3968 3969 401c81 3967->3969 3970 402dab 21 API calls 3967->3970 3968->3967 3971 401cd8 3969->3971 3972 401c8c 3969->3972 3970->3969 3973 402dab 21 API calls 3971->3973 3974 402d89 21 API calls 3972->3974 3976 401cdd 3973->3976 3975 401c91 3974->3975 3977 402d89 21 API calls 3975->3977 3978 402dab 21 API calls 3976->3978 3979 401c9d 3977->3979 3980 401ce6 FindWindowExW 3978->3980 3981 401cc8 SendMessageW 3979->3981 3982 401caa SendMessageTimeoutW 3979->3982 3983 401d08 3980->3983 3981->3983 3982->3983 4472 404e48 4473 404e74 4472->4473 4474 404e58 4472->4474 4476 404ea7 4473->4476 4477 404e7a SHGetPathFromIDListW 4473->4477 4483 405cc6 GetDlgItemTextW 4474->4483 4479 404e91 SendMessageW 4477->4479 4480 404e8a 4477->4480 4478 404e65 SendMessageW 4478->4473 4479->4476 4481 40140b 2 API calls 4480->4481 4481->4479 4483->4478 4484 4028c9 4485 4028cf 4484->4485 4486 4028d7 FindClose 4485->4486 4487 402c2f 4485->4487 4486->4487 4491 4016d1 4492 402dab 21 API calls 4491->4492 4493 4016d7 GetFullPathNameW 4492->4493 4494 4016f1 4493->4494 4500 401713 4493->4500 4497 4069df 2 API calls 4494->4497 4494->4500 4495 401728 GetShortPathNameW 4496 402c2f 4495->4496 4498 401703 4497->4498 4498->4500 4501 406682 lstrcpynW 4498->4501 4500->4495 4500->4496 4501->4500 4502 401e53 GetDC 4503 402d89 21 API calls 4502->4503 4504 401e65 GetDeviceCaps MulDiv ReleaseDC 4503->4504 4505 402d89 21 API calls 4504->4505 4506 401e96 4505->4506 4507 4066bf 21 API calls 4506->4507 4508 401ed3 CreateFontIndirectW 4507->4508 4509 40263d 4508->4509 4022 402955 4023 402dab 21 API calls 4022->4023 4024 402961 4023->4024 4025 402977 4024->4025 4027 402dab 21 API calls 4024->4027 4026 40614d 2 API calls 4025->4026 4028 40297d 4026->4028 4027->4025 4050 406172 GetFileAttributesW CreateFileW 4028->4050 4030 40298a 4031 402a40 4030->4031 4032 4029a5 GlobalAlloc 4030->4032 4033 402a28 4030->4033 4034 402a47 DeleteFileW 4031->4034 4035 402a5a 4031->4035 4032->4033 4036 4029be 4032->4036 4037 403376 48 API calls 4033->4037 4034->4035 4051 4035fd SetFilePointer 4036->4051 4039 402a35 CloseHandle 4037->4039 4039->4031 4040 4029c4 4041 4035e7 ReadFile 4040->4041 4042 4029cd GlobalAlloc 4041->4042 4043 402a11 4042->4043 4044 4029dd 4042->4044 4045 406224 WriteFile 4043->4045 4046 403376 48 API calls 4044->4046 4047 402a1d GlobalFree 4045->4047 4049 4029ea 4046->4049 4047->4033 4048 402a08 GlobalFree 4048->4043 4049->4048 4050->4030 4051->4040 4061 4014d7 4062 402d89 21 API calls 4061->4062 4063 4014dd Sleep 4062->4063 4065 402c2f 4063->4065 4524 40195b 4525 402dab 21 API calls 4524->4525 4526 401962 lstrlenW 4525->4526 4527 40263d 4526->4527 4066 4020dd 4067 4020ef 4066->4067 4069 4021a1 4066->4069 4068 402dab 21 API calls 4067->4068 4071 4020f6 4068->4071 4070 401423 28 API calls 4069->4070 4076 4022fb 4070->4076 4072 402dab 21 API calls 4071->4072 4073 4020ff 4072->4073 4074 402115 LoadLibraryExW 4073->4074 4075 402107 GetModuleHandleW 4073->4075 4074->4069 4077 402126 4074->4077 4075->4074 4075->4077 4088 406ae5 4077->4088 4080 402170 4082 405707 28 API calls 4080->4082 4081 402137 4083 402156 KiUserCallbackDispatcher 4081->4083 4084 40213f 4081->4084 4086 402147 4082->4086 4083->4086 4085 401423 28 API calls 4084->4085 4085->4086 4086->4076 4087 402193 FreeLibrary 4086->4087 4087->4076 4093 4066a4 WideCharToMultiByte 4088->4093 4090 406b02 4091 406b09 GetProcAddress 4090->4091 4092 402131 4090->4092 4091->4092 4092->4080 4092->4081 4093->4090 4535 402b5e 4536 402bb0 4535->4536 4537 402b65 4535->4537 4538 406a76 5 API calls 4536->4538 4540 402d89 21 API calls 4537->4540 4541 402bae 4537->4541 4539 402bb7 4538->4539 4542 402dab 21 API calls 4539->4542 4543 402b73 4540->4543 4544 402bc0 4542->4544 4545 402d89 21 API calls 4543->4545 4544->4541 4546 402bc4 IIDFromString 4544->4546 4548 402b7f 4545->4548 4546->4541 4547 402bd3 4546->4547 4547->4541 4553 406682 lstrcpynW 4547->4553 4552 4065c9 wsprintfW 4548->4552 4550 402bf0 CoTaskMemFree 4550->4541 4552->4541 4553->4550 4554 402a60 4555 402d89 21 API calls 4554->4555 4556 402a66 4555->4556 4557 402aa9 4556->4557 4558 402a8d 4556->4558 4562 402933 4556->4562 4560 402ac3 4557->4560 4561 402ab3 4557->4561 4559 402a92 4558->4559 4563 402aa3 4558->4563 4568 406682 lstrcpynW 4559->4568 4565 4066bf 21 API calls 4560->4565 4564 402d89 21 API calls 4561->4564 4563->4562 4569 4065c9 wsprintfW 4563->4569 4564->4563 4565->4563 4568->4562 4569->4562 4117 401761 4118 402dab 21 API calls 4117->4118 4119 401768 4118->4119 4120 4061a1 2 API calls 4119->4120 4121 40176f 4120->4121 4122 4061a1 2 API calls 4121->4122 4122->4121 4123 403c62 4124 403c73 CloseHandle 4123->4124 4125 403c7d 4123->4125 4124->4125 4126 403c91 4125->4126 4127 403c87 CloseHandle 4125->4127 4132 403cbf 4126->4132 4127->4126 4130 405d8e 71 API calls 4131 403ca2 4130->4131 4133 403ccd 4132->4133 4134 403c96 4133->4134 4135 403cd2 FreeLibrary GlobalFree 4133->4135 4134->4130 4135->4134 4135->4135 4570 401d62 4571 402d89 21 API calls 4570->4571 4572 401d73 SetWindowLongW 4571->4572 4573 402c2f 4572->4573 4136 4028e3 4137 4028eb 4136->4137 4138 4028ef FindNextFileW 4137->4138 4140 402901 4137->4140 4139 402948 4138->4139 4138->4140 4142 406682 lstrcpynW 4139->4142 4142->4140 4143 401ee3 4144 402d89 21 API calls 4143->4144 4145 401ee9 4144->4145 4146 402d89 21 API calls 4145->4146 4147 401ef5 4146->4147 4148 401f01 ShowWindow 4147->4148 4149 401f0c KiUserCallbackDispatcher 4147->4149 4150 402c2f 4148->4150 4149->4150 4574 401568 4575 402ba9 4574->4575 4578 4065c9 wsprintfW 4575->4578 4577 402bae 4578->4577 4586 40196d 4587 402d89 21 API calls 4586->4587 4588 401974 4587->4588 4589 402d89 21 API calls 4588->4589 4590 401981 4589->4590 4591 402dab 21 API calls 4590->4591 4592 401998 lstrlenW 4591->4592 4594 4019a9 4592->4594 4593 4019ea 4594->4593 4598 406682 lstrcpynW 4594->4598 4596 4019da 4596->4593 4597 4019df lstrlenW 4596->4597 4597->4593 4598->4596 4188 40506e GetDlgItem GetDlgItem 4189 4050c0 7 API calls 4188->4189 4202 4052e5 4188->4202 4190 405167 DeleteObject 4189->4190 4191 40515a SendMessageW 4189->4191 4192 405170 4190->4192 4191->4190 4193 4051a7 4192->4193 4196 4066bf 21 API calls 4192->4196 4197 404601 22 API calls 4193->4197 4194 4053c7 4198 405473 4194->4198 4209 405420 SendMessageW 4194->4209 4233 4052d8 4194->4233 4195 4053a8 4195->4194 4205 4053b9 SendMessageW 4195->4205 4203 405189 SendMessageW SendMessageW 4196->4203 4204 4051bb 4197->4204 4199 405485 4198->4199 4200 40547d SendMessageW 4198->4200 4211 405497 ImageList_Destroy 4199->4211 4212 40549e 4199->4212 4228 4054ae 4199->4228 4200->4199 4201 405343 4245 404fbc SendMessageW 4201->4245 4202->4194 4202->4195 4202->4201 4203->4192 4208 404601 22 API calls 4204->4208 4205->4194 4206 404668 8 API calls 4210 405674 4206->4210 4222 4051cc 4208->4222 4214 405435 SendMessageW 4209->4214 4209->4233 4211->4212 4215 4054a7 GlobalFree 4212->4215 4212->4228 4213 405628 4218 40563a ShowWindow GetDlgItem ShowWindow 4213->4218 4213->4233 4217 405448 4214->4217 4215->4228 4216 4052a7 GetWindowLongW SetWindowLongW 4219 4052c0 4216->4219 4229 405459 SendMessageW 4217->4229 4218->4233 4220 4052c5 ShowWindow 4219->4220 4221 4052dd 4219->4221 4243 404636 SendMessageW 4220->4243 4244 404636 SendMessageW 4221->4244 4222->4216 4223 4052a2 4222->4223 4226 405259 4222->4226 4227 40521f SendMessageW 4222->4227 4223->4216 4223->4219 4230 405271 SendMessageW 4226->4230 4231 40525d SendMessageW 4226->4231 4227->4222 4228->4213 4238 4054e9 4228->4238 4250 40503c 4228->4250 4229->4198 4230->4222 4231->4222 4233->4206 4234 405354 4234->4195 4235 4055f3 4236 4055fe InvalidateRect 4235->4236 4239 40560a 4235->4239 4236->4239 4237 405517 SendMessageW 4241 40552d 4237->4241 4238->4237 4238->4241 4239->4213 4259 404f77 4239->4259 4240 4055a1 SendMessageW SendMessageW 4240->4241 4241->4235 4241->4240 4243->4233 4244->4202 4246 40501b SendMessageW 4245->4246 4247 404fdf GetMessagePos ScreenToClient SendMessageW 4245->4247 4248 405013 4246->4248 4247->4248 4249 405018 4247->4249 4248->4234 4249->4246 4262 406682 lstrcpynW 4250->4262 4252 40504f 4263 4065c9 wsprintfW 4252->4263 4254 405059 4255 40140b 2 API calls 4254->4255 4256 405062 4255->4256 4264 406682 lstrcpynW 4256->4264 4258 405069 4258->4238 4265 404eae 4259->4265 4261 404f8c 4261->4213 4262->4252 4263->4254 4264->4258 4266 404ec7 4265->4266 4267 4066bf 21 API calls 4266->4267 4268 404f2b 4267->4268 4269 4066bf 21 API calls 4268->4269 4270 404f36 4269->4270 4271 4066bf 21 API calls 4270->4271 4272 404f4c lstrlenW wsprintfW SetDlgItemTextW 4271->4272 4272->4261 4599 40166f 4600 402dab 21 API calls 4599->4600 4601 401675 4600->4601 4602 4069df 2 API calls 4601->4602 4603 40167b 4602->4603 4604 402af0 4605 402d89 21 API calls 4604->4605 4606 402af6 4605->4606 4607 402933 4606->4607 4608 4066bf 21 API calls 4606->4608 4608->4607 4609 404771 lstrlenW 4610 404790 4609->4610 4611 404792 WideCharToMultiByte 4609->4611 4610->4611 4612 4026f1 4613 402d89 21 API calls 4612->4613 4620 402700 4613->4620 4614 40283d 4615 40274a ReadFile 4615->4614 4615->4620 4616 4061f5 ReadFile 4616->4620 4617 40278a MultiByteToWideChar 4617->4620 4618 40283f 4625 4065c9 wsprintfW 4618->4625 4619 406253 5 API calls 4619->4620 4620->4614 4620->4615 4620->4616 4620->4617 4620->4618 4620->4619 4622 4027b0 SetFilePointer MultiByteToWideChar 4620->4622 4624 402850 4620->4624 4622->4620 4623 402871 SetFilePointer 4623->4614 4624->4614 4624->4623 4625->4614 4301 404af2 4302 404b1e 4301->4302 4303 404b2f 4301->4303 4370 405cc6 GetDlgItemTextW 4302->4370 4305 404b3b GetDlgItem 4303->4305 4310 404ba7 4303->4310 4307 404b4f 4305->4307 4306 404b29 4309 406930 5 API calls 4306->4309 4312 404b63 SetWindowTextW 4307->4312 4318 405ffc 4 API calls 4307->4318 4308 404c7e 4313 404e2d 4308->4313 4368 405cc6 GetDlgItemTextW 4308->4368 4309->4303 4310->4308 4310->4313 4314 4066bf 21 API calls 4310->4314 4316 404601 22 API calls 4312->4316 4317 404668 8 API calls 4313->4317 4319 404c0e SHBrowseForFolderW 4314->4319 4315 404cae 4320 406059 18 API calls 4315->4320 4321 404b7f 4316->4321 4322 404e41 4317->4322 4323 404b59 4318->4323 4319->4308 4324 404c26 CoTaskMemFree 4319->4324 4325 404cb4 4320->4325 4326 404601 22 API calls 4321->4326 4323->4312 4327 405f51 3 API calls 4323->4327 4328 405f51 3 API calls 4324->4328 4369 406682 lstrcpynW 4325->4369 4329 404b8d 4326->4329 4327->4312 4330 404c33 4328->4330 4367 404636 SendMessageW 4329->4367 4333 404c6a SetDlgItemTextW 4330->4333 4338 4066bf 21 API calls 4330->4338 4333->4308 4334 404ccb 4336 406a76 5 API calls 4334->4336 4335 404b93 4337 406a76 5 API calls 4335->4337 4347 404cd2 4336->4347 4339 404b9a 4337->4339 4340 404c52 lstrcmpiW 4338->4340 4339->4313 4342 404ba2 SHAutoComplete 4339->4342 4340->4333 4344 404c63 lstrcatW 4340->4344 4341 404d13 4371 406682 lstrcpynW 4341->4371 4342->4310 4344->4333 4345 404ce1 GetDiskFreeSpaceExW 4345->4347 4355 404d6b 4345->4355 4346 404d1a 4348 405ffc 4 API calls 4346->4348 4347->4341 4347->4345 4350 405f9d 2 API calls 4347->4350 4349 404d20 4348->4349 4351 404d26 4349->4351 4352 404d29 GetDiskFreeSpaceW 4349->4352 4350->4347 4351->4352 4353 404d44 MulDiv 4352->4353 4352->4355 4353->4355 4354 404ddc 4357 404dff 4354->4357 4359 40140b 2 API calls 4354->4359 4355->4354 4356 404f77 24 API calls 4355->4356 4358 404dc9 4356->4358 4372 404623 KiUserCallbackDispatcher 4357->4372 4361 404dde SetDlgItemTextW 4358->4361 4362 404dce 4358->4362 4359->4357 4361->4354 4364 404eae 24 API calls 4362->4364 4363 404e1b 4363->4313 4365 404e28 4363->4365 4364->4354 4366 404a4b SendMessageW 4365->4366 4366->4313 4367->4335 4368->4315 4369->4334 4370->4306 4371->4346 4372->4363 4373 401774 4374 402dab 21 API calls 4373->4374 4375 40177b 4374->4375 4376 4017a3 4375->4376 4377 40179b 4375->4377 4413 406682 lstrcpynW 4376->4413 4412 406682 lstrcpynW 4377->4412 4380 4017a1 4384 406930 5 API calls 4380->4384 4381 4017ae 4382 405f51 3 API calls 4381->4382 4383 4017b4 lstrcatW 4382->4383 4383->4380 4397 4017c0 4384->4397 4385 4069df 2 API calls 4385->4397 4386 40614d 2 API calls 4386->4397 4388 4017d2 CompareFileTime 4388->4397 4389 401892 4390 405707 28 API calls 4389->4390 4393 40189c 4390->4393 4391 405707 28 API calls 4394 40187e 4391->4394 4392 406682 lstrcpynW 4392->4397 4395 403376 48 API calls 4393->4395 4396 4018af 4395->4396 4398 4018c3 SetFileTime 4396->4398 4399 4018d5 CloseHandle 4396->4399 4397->4385 4397->4386 4397->4388 4397->4389 4397->4392 4400 4066bf 21 API calls 4397->4400 4406 405ce2 MessageBoxIndirectW 4397->4406 4409 401869 4397->4409 4411 406172 GetFileAttributesW CreateFileW 4397->4411 4398->4399 4399->4394 4401 4018e6 4399->4401 4400->4397 4402 4018eb 4401->4402 4403 4018fe 4401->4403 4404 4066bf 21 API calls 4402->4404 4405 4066bf 21 API calls 4403->4405 4407 4018f3 lstrcatW 4404->4407 4408 401906 4405->4408 4406->4397 4407->4408 4410 405ce2 MessageBoxIndirectW 4408->4410 4409->4391 4409->4394 4410->4394 4411->4397 4412->4380 4413->4381 4626 4014f5 SetForegroundWindow 4627 402c2f 4626->4627 4628 401a77 4629 402d89 21 API calls 4628->4629 4630 401a80 4629->4630 4631 402d89 21 API calls 4630->4631 4632 401a25 4631->4632 4633 401578 4634 401591 4633->4634 4635 401588 ShowWindow 4633->4635 4636 402c2f 4634->4636 4637 40159f ShowWindow 4634->4637 4635->4634 4637->4636 4424 4023f9 4425 402dab 21 API calls 4424->4425 4426 402408 4425->4426 4427 402dab 21 API calls 4426->4427 4428 402411 4427->4428 4429 402dab 21 API calls 4428->4429 4430 40241b GetPrivateProfileStringW 4429->4430 4431 40567b 4432 40568b 4431->4432 4433 40569f 4431->4433 4434 405691 4432->4434 4435 4056e8 4432->4435 4436 4056a7 IsWindowVisible 4433->4436 4443 4056c7 4433->4443 4438 40464d SendMessageW 4434->4438 4437 4056ed CallWindowProcW 4435->4437 4436->4435 4439 4056b4 4436->4439 4441 40569b 4437->4441 4438->4441 4440 404fbc 5 API calls 4439->4440 4442 4056be 4440->4442 4442->4443 4443->4437 4444 40503c 4 API calls 4443->4444 4444->4435 4638 401ffb 4639 402dab 21 API calls 4638->4639 4640 402002 4639->4640 4641 4069df 2 API calls 4640->4641 4642 402008 4641->4642 4643 402019 4642->4643 4645 4065c9 wsprintfW 4642->4645 4645->4643 4646 401b7c 4647 402dab 21 API calls 4646->4647 4648 401b83 4647->4648 4649 402d89 21 API calls 4648->4649 4650 401b8c wsprintfW 4649->4650 4651 402c2f 4650->4651 4652 401000 4653 401037 BeginPaint GetClientRect 4652->4653 4654 40100c DefWindowProcW 4652->4654 4656 4010f3 4653->4656 4657 401179 4654->4657 4658 401073 CreateBrushIndirect FillRect DeleteObject 4656->4658 4659 4010fc 4656->4659 4658->4656 4660 401102 CreateFontIndirectW 4659->4660 4661 401167 EndPaint 4659->4661 4660->4661 4662 401112 6 API calls 4660->4662 4661->4657 4662->4661 4663 401680 4664 402dab 21 API calls 4663->4664 4665 401687 4664->4665 4666 402dab 21 API calls 4665->4666 4667 401690 4666->4667 4668 402dab 21 API calls 4667->4668 4669 401699 MoveFileW 4668->4669 4670 4016a5 4669->4670 4671 4016ac 4669->4671 4673 401423 28 API calls 4670->4673 4672 4069df 2 API calls 4671->4672 4675 4022fb 4671->4675 4674 4016bb 4672->4674 4673->4675 4674->4675 4676 406442 40 API calls 4674->4676 4676->4670 3346 404102 3347 40411a 3346->3347 3348 40427b 3346->3348 3347->3348 3349 404126 3347->3349 3350 4042cc 3348->3350 3351 40428c GetDlgItem GetDlgItem 3348->3351 3353 404131 SetWindowPos 3349->3353 3354 404144 3349->3354 3352 404326 3350->3352 3360 401389 2 API calls 3350->3360 3355 404601 22 API calls 3351->3355 3373 404276 3352->3373 3417 40464d 3352->3417 3353->3354 3357 40414d ShowWindow 3354->3357 3358 40418f 3354->3358 3359 4042b6 SetClassLongW 3355->3359 3361 404239 3357->3361 3362 40416d GetWindowLongW 3357->3362 3363 404197 DestroyWindow 3358->3363 3364 4041ae 3358->3364 3365 40140b 2 API calls 3359->3365 3366 4042fe 3360->3366 3367 404668 8 API calls 3361->3367 3362->3361 3368 404186 ShowWindow 3362->3368 3416 40458a 3363->3416 3369 4041b3 SetWindowLongW 3364->3369 3370 4041c4 3364->3370 3365->3350 3366->3352 3372 404302 SendMessageW 3366->3372 3367->3373 3368->3358 3369->3373 3370->3361 3371 4041d0 GetDlgItem 3370->3371 3376 4041e1 SendMessageW IsWindowEnabled 3371->3376 3377 4041fe 3371->3377 3372->3373 3374 40140b 2 API calls 3384 404338 3374->3384 3375 40458c DestroyWindow KiUserCallbackDispatcher 3375->3416 3376->3373 3376->3377 3380 40420b 3377->3380 3381 404252 SendMessageW 3377->3381 3382 40421e 3377->3382 3390 404203 3377->3390 3378 4045bb ShowWindow 3378->3373 3379 4066bf 21 API calls 3379->3384 3380->3381 3380->3390 3381->3361 3385 404226 3382->3385 3386 40423b 3382->3386 3384->3373 3384->3374 3384->3375 3384->3379 3387 404601 22 API calls 3384->3387 3391 404601 22 API calls 3384->3391 3407 4044cc DestroyWindow 3384->3407 3430 40140b 3385->3430 3388 40140b 2 API calls 3386->3388 3387->3384 3388->3390 3390->3361 3433 4045da 3390->3433 3392 4043b3 GetDlgItem 3391->3392 3393 4043d0 ShowWindow KiUserCallbackDispatcher 3392->3393 3394 4043c8 3392->3394 3420 404623 KiUserCallbackDispatcher 3393->3420 3394->3393 3396 4043fa KiUserCallbackDispatcher 3401 40440e 3396->3401 3397 404413 GetSystemMenu EnableMenuItem SendMessageW 3398 404443 SendMessageW 3397->3398 3397->3401 3398->3401 3401->3397 3421 404636 SendMessageW 3401->3421 3422 4040e3 3401->3422 3425 406682 lstrcpynW 3401->3425 3403 404472 lstrlenW 3404 4066bf 21 API calls 3403->3404 3405 404488 SetWindowTextW 3404->3405 3426 401389 3405->3426 3408 4044e6 CreateDialogParamW 3407->3408 3407->3416 3409 404519 3408->3409 3408->3416 3410 404601 22 API calls 3409->3410 3411 404524 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3410->3411 3412 401389 2 API calls 3411->3412 3413 40456a 3412->3413 3413->3373 3414 404572 ShowWindow 3413->3414 3415 40464d SendMessageW 3414->3415 3415->3416 3416->3373 3416->3378 3418 404665 3417->3418 3419 404656 SendMessageW 3417->3419 3418->3384 3419->3418 3420->3396 3421->3401 3423 4066bf 21 API calls 3422->3423 3424 4040f1 SetWindowTextW 3423->3424 3424->3401 3425->3403 3428 401390 3426->3428 3427 4013fe 3427->3384 3428->3427 3429 4013cb MulDiv SendMessageW 3428->3429 3429->3428 3431 401389 2 API calls 3430->3431 3432 401420 3431->3432 3432->3390 3434 4045e1 3433->3434 3435 4045e7 SendMessageW 3433->3435 3434->3435 3435->3361 4677 401503 4678 401508 4677->4678 4680 401520 4677->4680 4679 402d89 21 API calls 4678->4679 4679->4680 4681 401a04 4682 402dab 21 API calls 4681->4682 4683 401a0b 4682->4683 4684 402dab 21 API calls 4683->4684 4685 401a14 4684->4685 4686 401a1b lstrcmpiW 4685->4686 4687 401a2d lstrcmpW 4685->4687 4688 401a21 4686->4688 4687->4688 4689 402304 4690 402dab 21 API calls 4689->4690 4691 40230a 4690->4691 4692 402dab 21 API calls 4691->4692 4693 402313 4692->4693 4694 402dab 21 API calls 4693->4694 4695 40231c 4694->4695 4696 4069df 2 API calls 4695->4696 4697 402325 4696->4697 4698 402336 lstrlenW lstrlenW 4697->4698 4699 402329 4697->4699 4701 405707 28 API calls 4698->4701 4700 405707 28 API calls 4699->4700 4703 402331 4699->4703 4700->4703 4702 402374 SHFileOperationW 4701->4702 4702->4699 4702->4703 3948 401d86 3949 401d99 GetDlgItem 3948->3949 3950 401d8c 3948->3950 3952 401d93 3949->3952 3959 402d89 3950->3959 3953 401dda GetClientRect LoadImageW SendMessageW 3952->3953 3954 402dab 21 API calls 3952->3954 3956 401e38 3953->3956 3958 401e44 3953->3958 3954->3953 3957 401e3d DeleteObject 3956->3957 3956->3958 3957->3958 3960 4066bf 21 API calls 3959->3960 3961 402d9e 3960->3961 3961->3952 4711 402388 4712 40238f 4711->4712 4716 4023a2 4711->4716 4713 4066bf 21 API calls 4712->4713 4714 40239c 4713->4714 4715 405ce2 MessageBoxIndirectW 4714->4715 4715->4716 3984 402c0a SendMessageW 3985 402c24 InvalidateRect 3984->3985 3986 402c2f 3984->3986 3985->3986 3987 40248f 3988 402dab 21 API calls 3987->3988 3989 4024a1 3988->3989 3990 402dab 21 API calls 3989->3990 3991 4024ab 3990->3991 4004 402e3b 3991->4004 3994 4024e3 3997 4024ef 3994->3997 3999 402d89 21 API calls 3994->3999 3995 402933 3996 402dab 21 API calls 3998 4024d9 lstrlenW 3996->3998 4000 40250e RegSetValueExW 3997->4000 4001 403376 48 API calls 3997->4001 3998->3994 3999->3997 4002 402524 RegCloseKey 4000->4002 4001->4000 4002->3995 4005 402e56 4004->4005 4008 40651d 4005->4008 4009 40652c 4008->4009 4010 4024bb 4009->4010 4011 406537 RegCreateKeyExW 4009->4011 4010->3994 4010->3995 4010->3996 4011->4010 4012 402910 4013 402dab 21 API calls 4012->4013 4014 402917 FindFirstFileW 4013->4014 4015 40292a 4014->4015 4016 40293f 4014->4016 4020 4065c9 wsprintfW 4016->4020 4018 402948 4021 406682 lstrcpynW 4018->4021 4020->4018 4021->4015 4717 401911 4718 401948 4717->4718 4719 402dab 21 API calls 4718->4719 4720 40194d 4719->4720 4721 405d8e 71 API calls 4720->4721 4722 401956 4721->4722 4723 401491 4724 405707 28 API calls 4723->4724 4725 401498 4724->4725 4726 403d12 4727 403d1d 4726->4727 4728 403d21 4727->4728 4729 403d24 GlobalAlloc 4727->4729 4729->4728 4737 401914 4738 402dab 21 API calls 4737->4738 4739 40191b 4738->4739 4740 405ce2 MessageBoxIndirectW 4739->4740 4741 401924 4740->4741 4052 402896 4053 40289d 4052->4053 4055 402bae 4052->4055 4054 402d89 21 API calls 4053->4054 4056 4028a4 4054->4056 4057 4028b3 SetFilePointer 4056->4057 4057->4055 4058 4028c3 4057->4058 4060 4065c9 wsprintfW 4058->4060 4060->4055 4742 401f17 4743 402dab 21 API calls 4742->4743 4744 401f1d 4743->4744 4745 402dab 21 API calls 4744->4745 4746 401f26 4745->4746 4747 402dab 21 API calls 4746->4747 4748 401f2f 4747->4748 4749 402dab 21 API calls 4748->4749 4750 401f38 4749->4750 4751 401423 28 API calls 4750->4751 4752 401f3f 4751->4752 4759 405ca8 ShellExecuteExW 4752->4759 4754 401f87 4755 406b21 5 API calls 4754->4755 4756 402933 4754->4756 4757 401fa4 CloseHandle 4755->4757 4757->4756 4759->4754 4760 402f98 4761 402fc3 4760->4761 4762 402faa SetTimer 4760->4762 4763 403011 4761->4763 4764 403017 MulDiv 4761->4764 4762->4761 4765 402fd1 wsprintfW SetWindowTextW SetDlgItemTextW 4764->4765 4765->4763 4767 401d1c 4768 402d89 21 API calls 4767->4768 4769 401d22 IsWindow 4768->4769 4770 401a25 4769->4770 4771 40149e 4772 4014ac PostQuitMessage 4771->4772 4773 4023a2 4771->4773 4772->4773 4094 401ba0 4095 401bf1 4094->4095 4096 401bad 4094->4096 4098 401bf6 4095->4098 4099 401c1b GlobalAlloc 4095->4099 4097 401c36 4096->4097 4103 401bc4 4096->4103 4101 4066bf 21 API calls 4097->4101 4107 4023a2 4097->4107 4098->4107 4115 406682 lstrcpynW 4098->4115 4100 4066bf 21 API calls 4099->4100 4100->4097 4102 40239c 4101->4102 4109 405ce2 MessageBoxIndirectW 4102->4109 4113 406682 lstrcpynW 4103->4113 4106 401c08 GlobalFree 4106->4107 4108 401bd3 4114 406682 lstrcpynW 4108->4114 4109->4107 4111 401be2 4116 406682 lstrcpynW 4111->4116 4113->4108 4114->4111 4115->4106 4116->4107 4774 406da0 4778 406c24 4774->4778 4775 40758f 4776 406ca5 GlobalFree 4777 406cae GlobalAlloc 4776->4777 4777->4775 4777->4778 4778->4775 4778->4776 4778->4777 4779 406d25 GlobalAlloc 4778->4779 4780 406d1c GlobalFree 4778->4780 4779->4775 4779->4778 4780->4779 4781 402621 4782 402dab 21 API calls 4781->4782 4783 402628 4782->4783 4786 406172 GetFileAttributesW CreateFileW 4783->4786 4785 402634 4786->4785 4151 4025a3 4162 402deb 4151->4162 4154 402d89 21 API calls 4155 4025b6 4154->4155 4156 4025d2 RegEnumKeyW 4155->4156 4157 4025de RegEnumValueW 4155->4157 4158 402933 4155->4158 4159 4025fa RegCloseKey 4156->4159 4157->4159 4160 4025f3 4157->4160 4159->4158 4160->4159 4163 402dab 21 API calls 4162->4163 4164 402e02 4163->4164 4165 4064ef RegOpenKeyExW 4164->4165 4166 4025ad 4165->4166 4166->4154 4787 4015a8 4788 402dab 21 API calls 4787->4788 4789 4015af SetFileAttributesW 4788->4789 4790 4015c1 4789->4790 4167 401fa9 4168 402dab 21 API calls 4167->4168 4169 401faf 4168->4169 4170 405707 28 API calls 4169->4170 4171 401fb9 4170->4171 4172 405c65 2 API calls 4171->4172 4173 401fbf 4172->4173 4174 401fe2 CloseHandle 4173->4174 4175 402933 4173->4175 4182 406b21 WaitForSingleObject 4173->4182 4174->4175 4178 401fd4 4179 401fe4 4178->4179 4180 401fd9 4178->4180 4179->4174 4187 4065c9 wsprintfW 4180->4187 4183 406b3b 4182->4183 4184 406b4d GetExitCodeProcess 4183->4184 4185 406ab2 2 API calls 4183->4185 4184->4178 4186 406b42 WaitForSingleObject 4185->4186 4186->4183 4187->4174 4798 404aab 4799 404ae1 4798->4799 4800 404abb 4798->4800 4802 404668 8 API calls 4799->4802 4801 404601 22 API calls 4800->4801 4803 404ac8 SetDlgItemTextW 4801->4803 4804 404aed 4802->4804 4803->4799 4273 40252f 4274 402deb 21 API calls 4273->4274 4275 402539 4274->4275 4276 402dab 21 API calls 4275->4276 4277 402542 4276->4277 4278 40254d RegQueryValueExW 4277->4278 4281 402933 4277->4281 4279 402573 RegCloseKey 4278->4279 4280 40256d 4278->4280 4279->4281 4280->4279 4284 4065c9 wsprintfW 4280->4284 4284->4279 4285 4021af 4286 402dab 21 API calls 4285->4286 4287 4021b6 4286->4287 4288 402dab 21 API calls 4287->4288 4289 4021c0 4288->4289 4290 402dab 21 API calls 4289->4290 4291 4021ca 4290->4291 4292 402dab 21 API calls 4291->4292 4293 4021d4 4292->4293 4294 402dab 21 API calls 4293->4294 4295 4021de 4294->4295 4296 40221d CoCreateInstance 4295->4296 4297 402dab 21 API calls 4295->4297 4300 40223c 4296->4300 4297->4296 4298 401423 28 API calls 4299 4022fb 4298->4299 4300->4298 4300->4299 4805 40202f 4806 402dab 21 API calls 4805->4806 4807 402036 4806->4807 4808 406a76 5 API calls 4807->4808 4809 402045 4808->4809 4810 402061 GlobalAlloc 4809->4810 4812 4020d1 4809->4812 4811 402075 4810->4811 4810->4812 4813 406a76 5 API calls 4811->4813 4814 40207c 4813->4814 4815 406a76 5 API calls 4814->4815 4816 402086 4815->4816 4816->4812 4820 4065c9 wsprintfW 4816->4820 4818 4020bf 4821 4065c9 wsprintfW 4818->4821 4820->4818 4821->4812 4822 401a35 4823 402dab 21 API calls 4822->4823 4824 401a3e ExpandEnvironmentStringsW 4823->4824 4825 401a52 4824->4825 4827 401a65 4824->4827 4826 401a57 lstrcmpW 4825->4826 4825->4827 4826->4827 4414 4023b7 4415 4023c5 4414->4415 4416 4023bf 4414->4416 4418 402dab 21 API calls 4415->4418 4421 4023d3 4415->4421 4417 402dab 21 API calls 4416->4417 4417->4415 4418->4421 4419 402dab 21 API calls 4422 4023e1 4419->4422 4420 402dab 21 API calls 4423 4023ea WritePrivateProfileStringW 4420->4423 4421->4419 4421->4422 4422->4420 4828 404737 lstrcpynW lstrlenW 4834 4014b8 4835 4014be 4834->4835 4836 401389 2 API calls 4835->4836 4837 4014c6 4836->4837 4838 402439 4839 402441 4838->4839 4840 40246c 4838->4840 4841 402deb 21 API calls 4839->4841 4842 402dab 21 API calls 4840->4842 4843 402448 4841->4843 4844 402473 4842->4844 4846 402dab 21 API calls 4843->4846 4847 402480 4843->4847 4849 402e69 4844->4849 4848 402459 RegDeleteValueW RegCloseKey 4846->4848 4848->4847 4850 402e76 4849->4850 4851 402e7d 4849->4851 4850->4847 4851->4850 4853 402eae 4851->4853 4854 4064ef RegOpenKeyExW 4853->4854 4855 402edc 4854->4855 4856 402eec RegEnumValueW 4855->4856 4863 402f86 4855->4863 4865 402f0f 4855->4865 4857 402f76 RegCloseKey 4856->4857 4856->4865 4857->4863 4858 402f4b RegEnumKeyW 4859 402f54 RegCloseKey 4858->4859 4858->4865 4860 406a76 5 API calls 4859->4860 4862 402f64 4860->4862 4861 402eae 6 API calls 4861->4865 4862->4863 4864 402f68 RegDeleteKeyW 4862->4864 4863->4850 4864->4863 4865->4857 4865->4858 4865->4859 4865->4861 4866 40173a 4867 402dab 21 API calls 4866->4867 4868 401741 SearchPathW 4867->4868 4869 40175c 4868->4869 4870 401d3d 4871 402d89 21 API calls 4870->4871 4872 401d44 4871->4872 4873 402d89 21 API calls 4872->4873 4874 401d50 GetDlgItem 4873->4874 4875 40263d 4874->4875

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 00403645 Relevance: 89.7, APIs: 33, Strings: 18, Instructions: 464stringfilecomCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 0 403645-403697 SetErrorMode GetVersionExW 1 4036d1-4036d6 0->1 2 403699-4036c9 GetVersionExW 0->2 3 4036d8 1->3 4 4036de-403720 1->4 2->1 3->4 5 403722-40372a call 406a76 4->5 6 403733 4->6 5->6 11 40372c 5->11 8 403738-40374c call 406a06 lstrlenA 6->8 13 40374e-40376a call 406a76 * 3 8->13 11->6 20 40377b-4037df #17 OleInitialize SHGetFileInfoW call 406682 GetCommandLineW call 406682 13->20 21 40376c-403772 13->21 28 4037e1-4037e3 20->28 29 4037e8-4037fc call 405f7e CharNextW 20->29 21->20 25 403774 21->25 25->20 28->29 32 4038f7-4038fd 29->32 33 403801-403807 32->33 34 403903 32->34 35 403810-403817 33->35 36 403809-40380e 33->36 37 403917-403931 GetTempPathW call 403614 34->37 38 403819-40381e 35->38 39 40381f-403823 35->39 36->35 36->36 47 403933-403951 GetWindowsDirectoryW lstrcatW call 403614 37->47 48 403989-4039a3 DeleteFileW call 4030d5 37->48 38->39 41 4038e4-4038f3 call 405f7e 39->41 42 403829-40382f 39->42 41->32 59 4038f5-4038f6 41->59 45 403831-403838 42->45 46 403849-403882 42->46 52 40383a-40383d 45->52 53 40383f 45->53 54 403884-403889 46->54 55 40389f-4038d9 46->55 47->48 62 403953-403983 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403614 47->62 64 403b90-403ba0 ExitProcess CoUninitialize 48->64 65 4039a9-4039af 48->65 52->46 52->53 53->46 54->55 61 40388b-403893 54->61 57 4038e1-4038e3 55->57 58 4038db-4038df 55->58 57->41 58->57 63 403905-403912 call 406682 58->63 59->32 66 403895-403898 61->66 67 40389a 61->67 62->48 62->64 63->37 69 403ba2-403bb2 call 405ce2 ExitProcess 64->69 70 403bc6-403bcc 64->70 71 4039b5-4039c0 call 405f7e 65->71 72 403a48-403a4f call 403d54 65->72 66->55 66->67 67->55 77 403c4a-403c52 70->77 78 403bce-403be4 GetCurrentProcess OpenProcessToken 70->78 87 4039c2-4039f7 71->87 88 403a0e-403a18 71->88 86 403a54-403a58 72->86 80 403c54 77->80 81 403c58-403c5c ExitProcess 77->81 84 403be6-403c14 LookupPrivilegeValueW AdjustTokenPrivileges 78->84 85 403c1a-403c28 call 406a76 78->85 80->81 84->85 94 403c36-403c41 ExitWindowsEx 85->94 95 403c2a-403c34 85->95 86->64 92 4039f9-4039fd 87->92 90 403a1a-403a28 call 406059 88->90 91 403a5d-403a83 call 405c4d lstrlenW call 406682 88->91 90->64 107 403a2e-403a44 call 406682 * 2 90->107 110 403a94-403aac 91->110 111 403a85-403a8f call 406682 91->111 98 403a06-403a0a 92->98 99 4039ff-403a04 92->99 94->77 101 403c43-403c45 call 40140b 94->101 95->94 95->101 98->92 100 403a0c 98->100 99->98 99->100 100->88 101->77 107->72 114 403ab1-403ab5 110->114 111->110 116 403aba-403ae4 wsprintfW call 4066bf 114->116 120 403ae6-403aeb call 405bd6 116->120 121 403aed call 405c30 116->121 125 403af2-403af4 120->125 121->125 126 403b30-403b4f SetCurrentDirectoryW call 406442 CopyFileW 125->126 127 403af6-403b00 GetFileAttributesW 125->127 135 403b51-403b72 call 406442 call 4066bf call 405c65 126->135 136 403b8e 126->136 128 403b21-403b2c 127->128 129 403b02-403b0b DeleteFileW 127->129 128->114 132 403b2e 128->132 129->128 131 403b0d-403b1f call 405d8e 129->131 131->116 131->128 132->64 144 403b74-403b7e 135->144 145 403bb8-403bc4 CloseHandle 135->145 136->64 144->136 146 403b80-403b88 call 4069df 144->146 145->136 146->116 146->136
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetErrorMode.KERNELBASE ref: 00403668
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00403693
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004036A6
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040373F
                                                                                                                                                                                                                  • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040377C
                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00403783
                                                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(00420F08,00000000,?,000002B4,00000000), ref: 004037A2
                                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(00428A60,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037B7
                                                                                                                                                                                                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",00000020,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",00000000,?,00000008,0000000A,0000000C), ref: 004037F0
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403928
                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403939
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403945
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403959
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403961
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403972
                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040397A
                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040398E
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A67
                                                                                                                                                                                                                    • Part of subcall function 00406682: lstrcpynW.KERNEL32(?,?,00000400,004037B7,00428A60,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040668F
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00403AC4
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(0042C800,C:\Users\user\AppData\Local\Temp\), ref: 00403AF7
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(0042C800), ref: 00403B03
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403B31
                                                                                                                                                                                                                    • Part of subcall function 00406442: MoveFileExW.KERNEL32(?,?,00000005,00405F40,?,00000000,000000F1,?,?,?,?,?), ref: 0040644C
                                                                                                                                                                                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,0042C800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403B47
                                                                                                                                                                                                                    • Part of subcall function 00405C65: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405C8E
                                                                                                                                                                                                                    • Part of subcall function 00405C65: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405C9B
                                                                                                                                                                                                                    • Part of subcall function 004069DF: FindFirstFileW.KERNELBASE(74DF3420,00425F98,C:\,004060A2,C:\,C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0), ref: 004069EA
                                                                                                                                                                                                                    • Part of subcall function 004069DF: FindClose.KERNEL32(00000000), ref: 004069F6
                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403B90
                                                                                                                                                                                                                  • CoUninitialize.COMBASE(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403B95
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403BB2
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,0042C800,00000000), ref: 00403BB9
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BD5
                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403BDC
                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BF1
                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403C14
                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403C39
                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403C5C
                                                                                                                                                                                                                    • Part of subcall function 00405C30: CreateDirectoryW.KERNELBASE(?,00000000,00403638,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 00405C36
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Process$Exit$CloseDirectory$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                                                                                                                                                  • String ID: "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"$0x00003CF9$1033$C:\Program Files\Notepad++$C:\Program Files\Notepad++\contextMenu$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                                                                                                                                                  • API String ID: 2017177436-152712262
                                                                                                                                                                                                                  • Opcode ID: aa3ac17b1a5b491486917875c76550572755d9afddd5d170a5e16e74ef3293cc
                                                                                                                                                                                                                  • Instruction ID: d2a3103bd0adf94391fd0ebfa47e937d37e61a7cc597b22c14a72094b2238e17
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa3ac17b1a5b491486917875c76550572755d9afddd5d170a5e16e74ef3293cc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CF1E531604300AAD320AF759D05B2B7EE8AB8570AF11483FF585B22D1DB7C9A41CB6E
                                                                                                                                                                                                                  Function 00405846 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 149 405846-405861 150 4059f0-4059f7 149->150 151 405867-40592e GetDlgItem * 3 call 404636 call 404f8f GetClientRect GetSystemMetrics SendMessageW * 2 149->151 153 405a21-405a2e 150->153 154 4059f9-405a1b GetDlgItem CreateThread CloseHandle 150->154 173 405930-40594a SendMessageW * 2 151->173 174 40594c-40594f 151->174 156 405a30-405a36 153->156 157 405a4c-405a56 153->157 154->153 159 405a71-405a7a call 404668 156->159 160 405a38-405a47 ShowWindow * 2 call 404636 156->160 161 405a58-405a5e 157->161 162 405aac-405ab0 157->162 170 405a7f-405a83 159->170 160->157 163 405a60-405a6c call 4045da 161->163 164 405a86-405a96 ShowWindow 161->164 162->159 167 405ab2-405ab8 162->167 163->159 171 405aa6-405aa7 call 4045da 164->171 172 405a98-405aa1 call 405707 164->172 167->159 175 405aba-405acd SendMessageW 167->175 171->162 172->171 173->174 178 405951-40595d SendMessageW 174->178 179 40595f-405976 call 404601 174->179 180 405ad3-405afe CreatePopupMenu call 4066bf AppendMenuW 175->180 181 405bcf-405bd1 175->181 178->179 188 405978-40598c ShowWindow 179->188 189 4059ac-4059cd GetDlgItem SendMessageW 179->189 186 405b00-405b10 GetWindowRect 180->186 187 405b13-405b28 TrackPopupMenu 180->187 181->170 186->187 187->181 190 405b2e-405b45 187->190 191 40599b 188->191 192 40598e-405999 ShowWindow 188->192 189->181 193 4059d3-4059eb SendMessageW * 2 189->193 194 405b4a-405b65 SendMessageW 190->194 195 4059a1-4059a7 call 404636 191->195 192->195 193->181 194->194 196 405b67-405b8a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 194->196 195->189 198 405b8c-405bb3 SendMessageW 196->198 198->198 199 405bb5-405bc9 GlobalUnlock SetClipboardData CloseClipboard 198->199 199->181
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 004058A4
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 004058B3
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004058F0
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004058F7
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405918
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405929
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040593C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040594A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040595D
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040597F
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405993
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004059B4
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004059C4
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059DD
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059E9
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 004058C2
                                                                                                                                                                                                                    • Part of subcall function 00404636: SendMessageW.USER32(00000028,?,00000001,00404461), ref: 00404644
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405A06
                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_000057DA,00000000), ref: 00405A14
                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 00405A1B
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405A3F
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405A44
                                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405A8E
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405AC2
                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405AD3
                                                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AE7
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00405B07
                                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405B20
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B58
                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405B68
                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405B6E
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B7A
                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405B84
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B98
                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405BB8
                                                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405BC3
                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00405BC9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                  • String ID: H/B${
                                                                                                                                                                                                                  • API String ID: 590372296-332483393
                                                                                                                                                                                                                  • Opcode ID: 4ad71a5ae84d1442ca64332f301171ed24ad3ca4da0b040a8c0bb5ec3df77bcf
                                                                                                                                                                                                                  • Instruction ID: 1bfd88ad0a039f30930ce625e3f17186fc56f4394c79b8c388f8475f2b475093
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ad71a5ae84d1442ca64332f301171ed24ad3ca4da0b040a8c0bb5ec3df77bcf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7B127B1900608FFDB21AF60DD85DAE7B79FB44354F00413AFA41A61A0CB795E52DF68
                                                                                                                                                                                                                  Function 00404AF2 Relevance: 31.8, APIs: 12, Strings: 6, Instructions: 275stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 548 404af2-404b1c 549 404b1e-404b2a call 405cc6 call 406930 548->549 550 404b2f-404b39 548->550 549->550 552 404ba7-404bae 550->552 553 404b3b-404b51 GetDlgItem call 405fc8 550->553 556 404bb4-404bbd 552->556 557 404c85-404c8c 552->557 566 404b63-404b9c SetWindowTextW call 404601 * 2 call 404636 call 406a76 553->566 567 404b53-404b5b call 405ffc 553->567 560 404bd7-404bdc 556->560 561 404bbf-404bca 556->561 562 404c9b-404cb6 call 405cc6 call 406059 557->562 563 404c8e-404c95 557->563 560->557 564 404be2-404c24 call 4066bf SHBrowseForFolderW 560->564 568 404bd0 561->568 569 404e33-404e45 call 404668 561->569 587 404cb8 562->587 588 404cbf-404cd7 call 406682 call 406a76 562->588 563->562 563->569 580 404c26-404c40 CoTaskMemFree call 405f51 564->580 581 404c7e 564->581 566->569 606 404ba2-404ba5 SHAutoComplete 566->606 567->566 584 404b5d-404b5e call 405f51 567->584 568->560 593 404c42-404c48 580->593 594 404c6a-404c7c SetDlgItemTextW 580->594 581->557 584->566 587->588 604 404d13-404d24 call 406682 call 405ffc 588->604 605 404cd9-404cdf 588->605 593->594 597 404c4a-404c61 call 4066bf lstrcmpiW 593->597 594->557 597->594 608 404c63-404c65 lstrcatW 597->608 621 404d26 604->621 622 404d29-404d42 GetDiskFreeSpaceW 604->622 605->604 609 404ce1-404cf3 GetDiskFreeSpaceExW 605->609 606->552 608->594 611 404cf5-404cf7 609->611 612 404d6b-404d85 609->612 615 404cf9 611->615 616 404cfc-404d11 call 405f9d 611->616 614 404d87 612->614 618 404d8c-404d96 call 404f8f 614->618 615->616 616->604 616->609 626 404db1-404dba 618->626 627 404d98-404d9f 618->627 621->622 622->614 624 404d44-404d69 MulDiv 622->624 624->618 628 404dec-404df6 626->628 629 404dbc-404dcc call 404f77 626->629 627->626 630 404da1 627->630 634 404e02-404e08 628->634 635 404df8-404dff call 40140b 628->635 641 404dde-404de7 SetDlgItemTextW 629->641 642 404dce-404dd7 call 404eae 629->642 631 404da3-404da8 630->631 632 404daa 630->632 631->626 631->632 632->626 638 404e0a 634->638 639 404e0d-404e1e call 404623 634->639 635->634 638->639 646 404e20-404e26 639->646 647 404e2d 639->647 641->628 648 404ddc 642->648 646->647 649 404e28 call 404a4b 646->649 647->569 648->628 649->647
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404B41
                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404B6B
                                                                                                                                                                                                                  • SHAutoComplete.SHLWAPI(00000000,00000001,00000009,00000000,?,00000014,?,?,00000001,?), ref: 00404BA5
                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404C1C
                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404C27
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(Remove folder: ,00422F48,00000000,?,?), ref: 00404C59
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404C65
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C77
                                                                                                                                                                                                                    • Part of subcall function 00405CC6: GetDlgItemTextW.USER32(?,?,00000400,00404CAE), ref: 00405CD9
                                                                                                                                                                                                                    • Part of subcall function 00406930: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403620,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 00406993
                                                                                                                                                                                                                    • Part of subcall function 00406930: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004069A2
                                                                                                                                                                                                                    • Part of subcall function 00406930: CharNextW.USER32(?,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403620,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 004069A7
                                                                                                                                                                                                                    • Part of subcall function 00406930: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403620,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 004069BA
                                                                                                                                                                                                                  • GetDiskFreeSpaceExW.KERNELBASE(C:\Program Files\,?,?,?,00000001,C:\Program Files\,?,?,000003FB,?), ref: 00404CEE
                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(C:\Program Files\,?,?,0000040F,?,C:\Program Files\,C:\Program Files\,?,00000001,C:\Program Files\,?,?,000003FB,?), ref: 00404D3A
                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D55
                                                                                                                                                                                                                    • Part of subcall function 00404EAE: lstrlenW.KERNEL32(00422F48,00422F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F4F
                                                                                                                                                                                                                    • Part of subcall function 00404EAE: wsprintfW.USER32 ref: 00404F58
                                                                                                                                                                                                                    • Part of subcall function 00404EAE: SetDlgItemTextW.USER32(?,00422F48), ref: 00404F6B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                  • String ID: 0x00003CF9$A$C:\Program Files\$C:\Program Files\Notepad++$H/B$Remove folder:
                                                                                                                                                                                                                  • API String ID: 4039761011-1740868964
                                                                                                                                                                                                                  • Opcode ID: 63e1deddea1a614ff110810570ea1b9dfd65444c672d58f00e7806fb8a360319
                                                                                                                                                                                                                  • Instruction ID: 96009b05525636a0bc85a96efb184481c484ec56fefee2337862baa2afa4bf02
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63e1deddea1a614ff110810570ea1b9dfd65444c672d58f00e7806fb8a360319
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDA173B1900209ABDB11AFA5CD45AEFB7B8EF84314F11843BF601B62D1D77C99418B6D
                                                                                                                                                                                                                  Function 00405D8E Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 783 405d8e-405db4 call 406059 786 405db6-405dc8 DeleteFileW 783->786 787 405dcd-405dd4 783->787 788 405f4a-405f4e 786->788 789 405dd6-405dd8 787->789 790 405de7-405df7 call 406682 787->790 791 405ef8-405efd 789->791 792 405dde-405de1 789->792 796 405e06-405e07 call 405f9d 790->796 797 405df9-405e04 lstrcatW 790->797 791->788 795 405eff-405f02 791->795 792->790 792->791 798 405f04-405f0a 795->798 799 405f0c-405f14 call 4069df 795->799 800 405e0c-405e10 796->800 797->800 798->788 799->788 807 405f16-405f2a call 405f51 call 405d46 799->807 803 405e12-405e1a 800->803 804 405e1c-405e22 lstrcatW 800->804 803->804 806 405e27-405e43 lstrlenW FindFirstFileW 803->806 804->806 808 405e49-405e51 806->808 809 405eed-405ef1 806->809 823 405f42-405f45 call 405707 807->823 824 405f2c-405f2f 807->824 813 405e71-405e85 call 406682 808->813 814 405e53-405e5b 808->814 809->791 812 405ef3 809->812 812->791 825 405e87-405e8f 813->825 826 405e9c-405ea7 call 405d46 813->826 817 405ed0-405ee0 FindNextFileW 814->817 818 405e5d-405e65 814->818 817->808 822 405ee6-405ee7 FindClose 817->822 818->813 819 405e67-405e6f 818->819 819->813 819->817 822->809 823->788 824->798 827 405f31-405f40 call 405707 call 406442 824->827 825->817 828 405e91-405e95 call 405d8e 825->828 836 405ec8-405ecb call 405707 826->836 837 405ea9-405eac 826->837 827->788 835 405e9a 828->835 835->817 836->817 840 405ec0-405ec6 837->840 841 405eae-405ebe call 405707 call 406442 837->841 840->817 841->817
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 00405DB7
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 00405DFF
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 00405E22
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 00405E28
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 00405E38
                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405ED8
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405EE7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                  • String ID: "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"$C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\nppLocalization\*.*$\*.*
                                                                                                                                                                                                                  • API String ID: 2035342205-1009919812
                                                                                                                                                                                                                  • Opcode ID: 1077c86d2d4ad48a9ead8f49d4029d76e8779727d472685860c85ae50a17c6f4
                                                                                                                                                                                                                  • Instruction ID: 5ad7ae4105776224b4bb644c15053e07d5ebc7bd6c5330578b1f64027da07968
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1077c86d2d4ad48a9ead8f49d4029d76e8779727d472685860c85ae50a17c6f4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F41D330400A15AACB21AB65CC49BBF7678EF41718F24417FF895B11C1D77C4A82DEAE
                                                                                                                                                                                                                  Function 00406DA0 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 3ef02b19721ac815a4354a2b384e5822db0a29b40c19b0eeafe3a712687496ea
                                                                                                                                                                                                                  • Instruction ID: 5203db86b2e08fd3ebfde089d8ff8c44169432d1db75552ad8ea7513f2b1afa9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ef02b19721ac815a4354a2b384e5822db0a29b40c19b0eeafe3a712687496ea
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F16570D04229CBDF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7385A86CF45
                                                                                                                                                                                                                  Function 004069DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(74DF3420,00425F98,C:\,004060A2,C:\,C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0), ref: 004069EA
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004069F6
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                  • Opcode ID: 5aa02b152b1bdaa4a45d264aeb005cec44e37fe5ecd5a9a233d7a39d055da6f3
                                                                                                                                                                                                                  • Instruction ID: 87b64c9cece2c57c139ea7904c9da033401fae8fb112df8880c97ca139bbac6e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5aa02b152b1bdaa4a45d264aeb005cec44e37fe5ecd5a9a233d7a39d055da6f3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBD012716096205BD64067386E0C94B7A589F16331722CA36F06BF21E0D7348C628A9C
                                                                                                                                                                                                                  Function 004021AF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Program Files\Notepad++\contextMenu, xrefs: 0040226E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                  • String ID: C:\Program Files\Notepad++\contextMenu
                                                                                                                                                                                                                  • API String ID: 542301482-2319078101
                                                                                                                                                                                                                  • Opcode ID: 2f1c2a2f732e94826a9ef84eb16550ce3fda130e79805d47df25cb2e34a1ead8
                                                                                                                                                                                                                  • Instruction ID: 6031f0b9305bb7b05064ab4f17c9904609ff1c452577966f293784d012f03e0b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f1c2a2f732e94826a9ef84eb16550ce3fda130e79805d47df25cb2e34a1ead8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A410475A00209AFCB40DFE4C989EAD7BB5BF48308B20457EF505EB2D1DB799982CB54
                                                                                                                                                                                                                  Function 00402910 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                                                  • Opcode ID: 00a330d8d8c13441593921db70a8cb17a676f2e75f0fcbbed06ef6cfd4e26c9a
                                                                                                                                                                                                                  • Instruction ID: f0d7266373870d470beff65cac24d35b4a218527411e0b80208e5fb1e93adf0c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00a330d8d8c13441593921db70a8cb17a676f2e75f0fcbbed06ef6cfd4e26c9a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F08271A04104AED701EBE4ED499AEB378EF14314F60057BE111F31E0D7B84E059B19
                                                                                                                                                                                                                  Function 0040506E Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 200 40506e-4050ba GetDlgItem * 2 201 4050c0-405158 GlobalAlloc LoadImageW SetWindowLongW ImageList_Create ImageList_AddMasked SendMessageW * 2 200->201 202 4052e5-4052ec 200->202 205 405167-40516e DeleteObject 201->205 206 40515a-405165 SendMessageW 201->206 203 405300 202->203 204 4052ee-4052fe 202->204 207 405303-40530c 203->207 204->207 208 405170-405178 205->208 206->205 209 405317-40531d 207->209 210 40530e-405311 207->210 211 4051a1-4051a5 208->211 212 40517a-40517d 208->212 215 40532c-405333 209->215 216 40531f-405326 209->216 210->209 214 4053fb-405402 210->214 211->208 213 4051a7-4051d7 call 404601 * 2 211->213 217 405182-40519f call 4066bf SendMessageW * 2 212->217 218 40517f 212->218 256 4052a7-4052ba GetWindowLongW SetWindowLongW 213->256 257 4051dd-4051e3 213->257 223 405473-40547b 214->223 224 405404-40540a 214->224 219 405335-405338 215->219 220 4053a8-4053ab 215->220 216->214 216->215 217->211 218->217 228 405343-405358 call 404fbc 219->228 229 40533a-405341 219->229 220->214 225 4053ad-4053b7 220->225 226 405485-40548c 223->226 227 40547d-405483 SendMessageW 223->227 232 405410-40541a 224->232 233 405666-405678 call 404668 224->233 234 4053c7-4053d1 225->234 235 4053b9-4053c5 SendMessageW 225->235 237 4054c0-4054c7 226->237 238 40548e-405495 226->238 227->226 228->220 255 40535a-40536b 228->255 229->220 229->228 232->233 241 405420-40542f SendMessageW 232->241 234->214 242 4053d3-4053dd 234->242 235->234 248 405628-40562f 237->248 249 4054cd-4054d9 call 4011ef 237->249 244 405497-405498 ImageList_Destroy 238->244 245 40549e-4054a5 238->245 241->233 250 405435-405446 SendMessageW 241->250 251 4053ee-4053f8 242->251 252 4053df-4053ec 242->252 244->245 253 4054a7-4054a8 GlobalFree 245->253 254 4054ae-4054ba 245->254 248->233 261 405631-405638 248->261 274 4054e9-4054ec 249->274 275 4054db-4054de 249->275 259 405450-405452 250->259 260 405448-40544e 250->260 251->214 252->214 253->254 254->237 255->220 264 40536d-40536f 255->264 263 4052c0-4052c3 256->263 265 4051e6-4051ec 257->265 267 405453-40546c call 401299 SendMessageW 259->267 260->259 260->267 261->233 262 40563a-405664 ShowWindow GetDlgItem ShowWindow 261->262 262->233 268 4052c5-4052d3 ShowWindow call 404636 263->268 269 4052dd-4052e0 call 404636 263->269 270 405371-405378 264->270 271 405382 264->271 272 4051f2-40521d 265->272 273 405289-40529c 265->273 267->223 295 4052d8 268->295 269->202 282 40537a-40537c 270->282 283 40537e-405380 270->283 284 405385-4053a1 call 40117d 271->284 285 405259-40525b 272->285 286 40521f-405257 SendMessageW 272->286 273->265 277 4052a2-4052a5 273->277 278 40552d-405551 call 4011ef 274->278 279 4054ee-405507 call 4012e2 call 401299 274->279 287 4054e0 275->287 288 4054e1-4054e4 call 40503c 275->288 277->256 277->263 301 4055f3-4055fc 278->301 302 405557 278->302 308 405517-405526 SendMessageW 279->308 309 405509-40550f 279->309 282->284 283->284 284->220 291 405271-405286 SendMessageW 285->291 292 40525d-40526f SendMessageW 285->292 286->273 287->288 288->274 291->273 292->273 295->233 304 40560a-405612 301->304 305 4055fe-405604 InvalidateRect 301->305 306 40555a-405565 302->306 304->248 307 405614-405623 call 404f8f call 404f77 304->307 305->304 310 405567-405576 306->310 311 4055db-4055ed 306->311 307->248 308->278 314 405511 309->314 315 405512-405515 309->315 312 405578-405585 310->312 313 405589-40558c 310->313 311->301 311->306 312->313 317 405593-40559c 313->317 318 40558e-405591 313->318 314->315 315->308 315->309 320 4055a1-4055d9 SendMessageW * 2 317->320 321 40559e 317->321 318->320 320->311 321->320
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00405086
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00405091
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 004050DB
                                                                                                                                                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050F2
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,0040567B), ref: 0040510B
                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040511F
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405131
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00405147
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405153
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405165
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00405168
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405193
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 0040519F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040523A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040526A
                                                                                                                                                                                                                    • Part of subcall function 00404636: SendMessageW.USER32(00000028,?,00000001,00404461), ref: 00404644
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040527E
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 004052AC
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004052BA
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 004052CA
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 004053C5
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040542A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040543F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405463
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405483
                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405498
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004054A8
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405521
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 004055CA
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004055D9
                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00405604
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00405652
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 0040565D
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405664
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                  • String ID: $M$N
                                                                                                                                                                                                                  • API String ID: 2564846305-813528018
                                                                                                                                                                                                                  • Opcode ID: 324c1f4819b082b1ac23898fd696f3744d7b458a05ce4ad4b76fe224fda76cd4
                                                                                                                                                                                                                  • Instruction ID: 3eec0fee992af157883e3c32035e614d90e83c27d9cb298499668aae57dc4bf7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 324c1f4819b082b1ac23898fd696f3744d7b458a05ce4ad4b76fe224fda76cd4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4029D70A00608EFDB20DF64CD45AAF7BB5FB44314F10857AE910BA2E0D7B98A42DF18
                                                                                                                                                                                                                  Function 00404102 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 323 404102-404114 324 40411a-404120 323->324 325 40427b-40428a 323->325 324->325 326 404126-40412f 324->326 327 4042d9-4042ee 325->327 328 40428c-4042d4 GetDlgItem * 2 call 404601 SetClassLongW call 40140b 325->328 331 404131-40413e SetWindowPos 326->331 332 404144-40414b 326->332 329 4042f0-4042f3 327->329 330 40432e-404333 call 40464d 327->330 328->327 334 4042f5-404300 call 401389 329->334 335 404326-404328 329->335 342 404338-404353 330->342 331->332 337 40414d-404167 ShowWindow 332->337 338 40418f-404195 332->338 334->335 359 404302-404321 SendMessageW 334->359 335->330 341 4045ce 335->341 343 404268-404276 call 404668 337->343 344 40416d-404180 GetWindowLongW 337->344 345 404197-4041a9 DestroyWindow 338->345 346 4041ae-4041b1 338->346 353 4045d0-4045d7 341->353 350 404355-404357 call 40140b 342->350 351 40435c-404362 342->351 343->353 344->343 352 404186-404189 ShowWindow 344->352 354 4045ab-4045b1 345->354 356 4041b3-4041bf SetWindowLongW 346->356 357 4041c4-4041ca 346->357 350->351 363 404368-404373 351->363 364 40458c-4045a5 DestroyWindow KiUserCallbackDispatcher 351->364 352->338 354->341 362 4045b3-4045b9 354->362 356->353 357->343 358 4041d0-4041df GetDlgItem 357->358 365 4041e1-4041f8 SendMessageW IsWindowEnabled 358->365 366 4041fe-404201 358->366 359->353 362->341 367 4045bb-4045c4 ShowWindow 362->367 363->364 368 404379-4043c6 call 4066bf call 404601 * 3 GetDlgItem 363->368 364->354 365->341 365->366 369 404203-404204 366->369 370 404206-404209 366->370 367->341 395 4043d0-40440c ShowWindow KiUserCallbackDispatcher call 404623 KiUserCallbackDispatcher 368->395 396 4043c8-4043cd 368->396 372 404234-404239 call 4045da 369->372 373 404217-40421c 370->373 374 40420b-404211 370->374 372->343 377 404252-404262 SendMessageW 373->377 379 40421e-404224 373->379 374->377 378 404213-404215 374->378 377->343 378->372 383 404226-40422c call 40140b 379->383 384 40423b-404244 call 40140b 379->384 393 404232 383->393 384->343 392 404246-404250 384->392 392->393 393->372 399 404411 395->399 400 40440e-40440f 395->400 396->395 401 404413-404441 GetSystemMenu EnableMenuItem SendMessageW 399->401 400->401 402 404443-404454 SendMessageW 401->402 403 404456 401->403 404 40445c-40449b call 404636 call 4040e3 call 406682 lstrlenW call 4066bf SetWindowTextW call 401389 402->404 403->404 404->342 415 4044a1-4044a3 404->415 415->342 416 4044a9-4044ad 415->416 417 4044cc-4044e0 DestroyWindow 416->417 418 4044af-4044b5 416->418 417->354 419 4044e6-404513 CreateDialogParamW 417->419 418->341 420 4044bb-4044c1 418->420 419->354 421 404519-404570 call 404601 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 419->421 420->342 422 4044c7 420->422 421->341 427 404572-404585 ShowWindow call 40464d 421->427 422->341 429 40458a 427->429 429->354
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 0040413E
                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 0040415E
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404170
                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404189
                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 0040419D
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 004041B6
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 004041D5
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041E9
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 004041F0
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 0040429B
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 004042A5
                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 004042BF
                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404310
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 004043B6
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 004043D7
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043E9
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404404
                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040441A
                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00404421
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404439
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040444C
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00422F48,?,00422F48,00000000), ref: 00404476
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00422F48), ref: 0040448A
                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 004045BE
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Item$MessageSendShow$Long$CallbackDispatcherMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                                  • String ID: H/B
                                                                                                                                                                                                                  • API String ID: 3964124867-184950203
                                                                                                                                                                                                                  • Opcode ID: 6713c34f0db6ca24ad0fd02f4a6c26255f157c0ea2add66a7142b4456e47287b
                                                                                                                                                                                                                  • Instruction ID: f8b0abefa6079376cca3afd4ac47b8e6787ccd0873a3a79b8952b84eeba681b3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6713c34f0db6ca24ad0fd02f4a6c26255f157c0ea2add66a7142b4456e47287b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C1CFB1600204BBDB316F61EE85A2B7AB8EB85345F41053EF741B25F0CB795842DB2D
                                                                                                                                                                                                                  Function 00403D54 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 430 403d54-403d6c call 406a76 433 403d80-403db7 call 406550 430->433 434 403d6e-403d7e call 4065c9 430->434 439 403db9-403dca call 406550 433->439 440 403dcf-403dd5 lstrcatW 433->440 443 403dda-403e03 call 40402a call 406059 434->443 439->440 440->443 448 403e95-403e9d call 406059 443->448 449 403e09-403e0e 443->449 455 403eab-403ed0 LoadImageW 448->455 456 403e9f-403ea6 call 4066bf 448->456 449->448 450 403e14-403e2e call 406550 449->450 454 403e33-403e3c 450->454 454->448 457 403e3e-403e42 454->457 459 403f51-403f59 call 40140b 455->459 460 403ed2-403f02 RegisterClassW 455->460 456->455 461 403e54-403e60 lstrlenW 457->461 462 403e44-403e51 call 405f7e 457->462 474 403f63-403f6e call 40402a 459->474 475 403f5b-403f5e 459->475 463 404020 460->463 464 403f08-403f4c SystemParametersInfoW CreateWindowExW 460->464 468 403e62-403e70 lstrcmpiW 461->468 469 403e88-403e90 call 405f51 call 406682 461->469 462->461 467 404022-404029 463->467 464->459 468->469 473 403e72-403e7c GetFileAttributesW 468->473 469->448 478 403e82-403e83 call 405f9d 473->478 479 403e7e-403e80 473->479 483 403f74-403f8e ShowWindow call 406a06 474->483 484 403ff7-403ff8 call 4057da 474->484 475->467 478->469 479->469 479->478 491 403f90-403f95 call 406a06 483->491 492 403f9a-403fac GetClassInfoW 483->492 487 403ffd-403fff 484->487 489 404001-404007 487->489 490 404019-40401b call 40140b 487->490 489->475 493 40400d-404014 call 40140b 489->493 490->463 491->492 496 403fc4-403fe7 DialogBoxParamW call 40140b 492->496 497 403fae-403fbe GetClassInfoW RegisterClassW 492->497 493->475 501 403fec-403ff5 call 403ca4 496->501 497->496 501->467
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00406A76: GetModuleHandleA.KERNEL32(?,00000020,?,00403755,0000000C,?,?,?,?,?,?,?,?), ref: 00406A88
                                                                                                                                                                                                                    • Part of subcall function 00406A76: GetProcAddress.KERNEL32(00000000,?), ref: 00406AA3
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(1033,00422F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F48,00000000,00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",00008001), ref: 00403DD5
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Notepad++,1033,00422F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F48,00000000,00000002,74DF3420), ref: 00403E55
                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files\Notepad++,1033,00422F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F48,00000000), ref: 00403E68
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403E73
                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files\Notepad++), ref: 00403EBC
                                                                                                                                                                                                                    • Part of subcall function 004065C9: wsprintfW.USER32 ref: 004065D6
                                                                                                                                                                                                                  • RegisterClassW.USER32(00428A00), ref: 00403EF9
                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403F11
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F46
                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403F7C
                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00428A00), ref: 00403FA8
                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00428A00), ref: 00403FB5
                                                                                                                                                                                                                  • RegisterClassW.USER32(00428A00), ref: 00403FBE
                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00404102,00000000), ref: 00403FDD
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                  • String ID: "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files\Notepad++$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H/B$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                  • API String ID: 1975747703-153444035
                                                                                                                                                                                                                  • Opcode ID: 71c901060660e6c141de3759ee92f1f28cb94e09091d7fc82daae4b4f1af527d
                                                                                                                                                                                                                  • Instruction ID: 33830a549d8bd1c9ff3d4095a28b7d5feb3a0022977f60bfd4e6bbc11b1c7dcb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71c901060660e6c141de3759ee92f1f28cb94e09091d7fc82daae4b4f1af527d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4661D570200741BAD620AB669E46F2B3A7CEB84709F41453FFA45B61E2DF795902CB2D
                                                                                                                                                                                                                  Function 004047C0 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 504 4047c0-4047d2 505 4048f2-4048ff 504->505 506 4047d8-4047e0 504->506 507 404901-40490a 505->507 508 40495c-404960 505->508 509 4047e2-4047f1 506->509 510 4047f3-404817 506->510 513 404910-404916 507->513 514 404a35 507->514 511 404a26-404a2d 508->511 512 404966-40497e GetDlgItem 508->512 509->510 515 404820-40489b call 404601 * 2 CheckDlgButton call 404623 GetDlgItem call 404636 SendMessageW 510->515 516 404819 510->516 511->514 517 404a2f 511->517 519 404980-404987 512->519 520 4049e7-4049ee 512->520 513->514 521 40491c-404927 513->521 518 404a38-404a3f call 404668 514->518 546 4048a6-4048ed SendMessageW * 2 lstrlenW SendMessageW * 2 515->546 547 40489d-4048a0 GetSysColor 515->547 516->515 517->514 529 404a44-404a48 518->529 519->520 525 404989-4049a4 519->525 520->518 526 4049f0-4049f7 520->526 521->514 527 40492d-404957 GetDlgItem SendMessageW call 404623 call 404a4b 521->527 525->520 530 4049a6-4049e4 SendMessageW LoadCursorW SetCursor call 404a6f LoadCursorW SetCursor 525->530 526->518 531 4049f9-4049fd 526->531 527->508 530->520 535 404a0f-404a13 531->535 536 4049ff-404a0d SendMessageW 531->536 541 404a21-404a24 535->541 542 404a15-404a1f SendMessageW 535->542 536->535 541->529 542->541 546->529 547->546
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040485E
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404872
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040488F
                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004048A0
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004048AE
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004048BC
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004048C1
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004048CE
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048E3
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 0040493C
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 00404943
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040496E
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004049B1
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004049BF
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004049C2
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004049DB
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004049DE
                                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404A0D
                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404A1F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                  • String ID: 7G@$N$Remove folder:
                                                                                                                                                                                                                  • API String ID: 3103080414-1201519967
                                                                                                                                                                                                                  • Opcode ID: b6dc2905c6216746abb3c0cd17d9c39e8b2e61a9098f8b336cb1d1698ee7a258
                                                                                                                                                                                                                  • Instruction ID: cd0ff63a31a53d86839c1a5ce07a34679cc09665db384d3569e6db54912acae5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6dc2905c6216746abb3c0cd17d9c39e8b2e61a9098f8b336cb1d1698ee7a258
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9061B0B1A40209BFDB10AF64CD85EAA7B69FB84305F00843AF605B72D0D779AD51CF98
                                                                                                                                                                                                                  Function 004030D5 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 651 4030d5-403123 GetTickCount GetModuleFileNameW call 406172 654 403125-40312a 651->654 655 40312f-40315d call 406682 call 405f9d call 406682 GetFileSize 651->655 656 40336f-403373 654->656 663 403163 655->663 664 403248-403256 call 403033 655->664 666 403168-40317f 663->666 670 403327-40332c 664->670 671 40325c-40325f 664->671 668 403181 666->668 669 403183-40318c call 4035e7 666->669 668->669 677 403192-403199 669->677 678 4032e3-4032eb call 403033 669->678 670->656 673 403261-403279 call 4035fd call 4035e7 671->673 674 40328b-4032d7 GlobalAlloc call 406bd1 call 4061a1 CreateFileW 671->674 673->670 702 40327f-403285 673->702 699 4032d9-4032de 674->699 700 4032ed-40331d call 4035fd call 403376 674->700 683 403215-403219 677->683 684 40319b-4031af call 40612d 677->684 678->670 688 403223-403229 683->688 689 40321b-403222 call 403033 683->689 684->688 698 4031b1-4031b8 684->698 695 403238-403240 688->695 696 40322b-403235 call 406b63 688->696 689->688 695->666 701 403246 695->701 696->695 698->688 705 4031ba-4031c1 698->705 699->656 712 403322-403325 700->712 701->664 702->670 702->674 705->688 707 4031c3-4031ca 705->707 707->688 709 4031cc-4031d3 707->709 709->688 711 4031d5-4031f5 709->711 711->670 713 4031fb-4031ff 711->713 712->670 714 40332e-40333f 712->714 715 403201-403205 713->715 716 403207-40320f 713->716 717 403341 714->717 718 403347-40334c 714->718 715->701 715->716 716->688 720 403211-403213 716->720 717->718 719 40334d-403353 718->719 719->719 721 403355-40336d call 40612d 719->721 720->688 721->656
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004030E9
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,00000400), ref: 00403105
                                                                                                                                                                                                                    • Part of subcall function 00406172: GetFileAttributesW.KERNELBASE(00000003,00403118,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,80000000,00000003), ref: 00406176
                                                                                                                                                                                                                    • Part of subcall function 00406172: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406198
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,80000000,00000003), ref: 0040314E
                                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00008001), ref: 00403290
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                  • String ID: "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                  • API String ID: 2803837635-3922298446
                                                                                                                                                                                                                  • Opcode ID: c7fb04c733b01e48b7dd739af3966cdbf4a0ed98a64b0cd9befa062c90f9643e
                                                                                                                                                                                                                  • Instruction ID: fa10dec2ede943269712b0c7dd26c00cc534fb31fc6fa5581d899c5550bae655
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7fb04c733b01e48b7dd739af3966cdbf4a0ed98a64b0cd9befa062c90f9643e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0171B071E00204ABDB20DFA4ED86B9E7AACAB04316F60457FF515B62D1CB7C9E418B5C
                                                                                                                                                                                                                  Function 004066BF Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 204stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 724 4066bf-4066c8 725 4066ca-4066d9 724->725 726 4066db-4066f5 724->726 725->726 727 406905-40690b 726->727 728 4066fb-406707 726->728 729 406911-40691e 727->729 730 406719-406726 727->730 728->727 731 40670d-406714 728->731 733 406920-406925 call 406682 729->733 734 40692a-40692d 729->734 730->729 732 40672c-406735 730->732 731->727 735 4068f2 732->735 736 40673b-40677e 732->736 733->734 738 406900-406903 735->738 739 4068f4-4068fe 735->739 740 406784-406790 736->740 741 406896-40689a 736->741 738->727 739->727 742 406792 740->742 743 40679a-40679c 740->743 744 40689c-4068a3 741->744 745 4068ce-4068d2 741->745 742->743 748 4067d6-4067d9 743->748 749 40679e-4067bc call 406550 743->749 746 4068b3-4068bf call 406682 744->746 747 4068a5-4068b1 call 4065c9 744->747 750 4068e2-4068f0 lstrlenW 745->750 751 4068d4-4068dd call 4066bf 745->751 760 4068c4-4068ca 746->760 747->760 755 4067db-4067e7 GetSystemDirectoryW 748->755 756 4067ec-4067ef 748->756 759 4067c1-4067c4 749->759 750->727 751->750 761 406879-40687c 755->761 762 406801-406805 756->762 763 4067f1-4067fd GetWindowsDirectoryW 756->763 765 4067ca-4067d1 call 4066bf 759->765 766 40687e-406881 759->766 760->750 767 4068cc 760->767 761->766 768 40688e-406894 call 406930 761->768 762->761 764 406807-406825 762->764 763->762 770 406827-40682d 764->770 771 406839-406851 call 406a76 764->771 765->761 766->768 773 406883-406889 lstrcatW 766->773 767->768 768->750 777 406835-406837 770->777 781 406853-406866 SHGetPathFromIDListW CoTaskMemFree 771->781 782 406868-406871 771->782 773->768 777->771 779 406873-406877 777->779 779->761 781->779 781->782 782->764 782->779
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 004067E1
                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,00421F28,?,?,00000000,00000000,00000000,00000000), ref: 004067F7
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(00000000,Remove folder: ), ref: 00406855
                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 0040685E
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch,00000000,00421F28,?,?,00000000,00000000,00000000,00000000), ref: 00406889
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,00000000,00421F28,?,?,00000000,00000000,00000000,00000000), ref: 004068E3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                                  • String ID: 0x00003CF9$Remove folder: $Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                  • API String ID: 4024019347-754663418
                                                                                                                                                                                                                  • Opcode ID: 6f2761d7cb5587a470c052371fa5fb6b0836c691dcd2ac77b9ed8a87730eab65
                                                                                                                                                                                                                  • Instruction ID: 4a93dbd931fcfc477af1f24740db1e2af50c51fdf4929e220b088375b48f32a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f2761d7cb5587a470c052371fa5fb6b0836c691dcd2ac77b9ed8a87730eab65
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 586147B26053005BEB206F25DD80B6B77E8AB54318F26453FF587B22D0DB3C8961875E
                                                                                                                                                                                                                  Function 00401774 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 847 401774-401799 call 402dab call 405fc8 852 4017a3-4017b5 call 406682 call 405f51 lstrcatW 847->852 853 40179b-4017a1 call 406682 847->853 858 4017ba-4017bb call 406930 852->858 853->858 862 4017c0-4017c4 858->862 863 4017c6-4017d0 call 4069df 862->863 864 4017f7-4017fa 862->864 872 4017e2-4017f4 863->872 873 4017d2-4017e0 CompareFileTime 863->873 865 401802-40181e call 406172 864->865 866 4017fc-4017fd call 40614d 864->866 874 401820-401823 865->874 875 401892-4018bb call 405707 call 403376 865->875 866->865 872->864 873->872 876 401874-40187e call 405707 874->876 877 401825-401863 call 406682 * 2 call 4066bf call 406682 call 405ce2 874->877 889 4018c3-4018cf SetFileTime 875->889 890 4018bd-4018c1 875->890 887 401887-40188d 876->887 877->862 909 401869-40186a 877->909 892 402c38 887->892 891 4018d5-4018e0 CloseHandle 889->891 890->889 890->891 895 4018e6-4018e9 891->895 896 402c2f-402c32 891->896 894 402c3a-402c3e 892->894 898 4018eb-4018fc call 4066bf lstrcatW 895->898 899 4018fe-401901 call 4066bf 895->899 896->892 906 401906-4023a7 call 405ce2 898->906 899->906 906->894 906->896 909->887 911 40186c-40186d 909->911 911->876
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,11386,C:\Program Files\Notepad++\contextMenu,?,?,00000031), ref: 004017B5
                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,11386,11386,00000000,00000000,11386,C:\Program Files\Notepad++\contextMenu,?,?,00000031), ref: 004017DA
                                                                                                                                                                                                                    • Part of subcall function 00406682: lstrcpynW.KERNEL32(?,?,00000400,004037B7,00428A60,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040668F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000,?), ref: 0040573F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(004030AD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000), ref: 0040574F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrcatW.KERNEL32(00421F28,004030AD,004030AD,00421F28,00000000,00000000,00000000), ref: 00405762
                                                                                                                                                                                                                    • Part of subcall function 00405707: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405774
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040579A
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057B4
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057C2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                  • String ID: 11386$C:\Program Files\Notepad++\contextMenu$Software\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
                                                                                                                                                                                                                  • API String ID: 1941528284-2206836138
                                                                                                                                                                                                                  • Opcode ID: bd9fbc7af07863f3a75c84bc66e379c521d7d29c5c4cf9d002cd11a3ee8da5f7
                                                                                                                                                                                                                  • Instruction ID: 8b6fd23670850fd9ae356807d0398338211ecbfbdba6d544e24b7f39de498ea1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd9fbc7af07863f3a75c84bc66e379c521d7d29c5c4cf9d002cd11a3ee8da5f7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7541A331900109FACF11BBB5CD85DAE7A79EF41329B21423FF422B10E1D73D8A91966D
                                                                                                                                                                                                                  Function 00405707 Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 913 405707-40571c 914 405722-405733 913->914 915 4057d3-4057d7 913->915 916 405735-405739 call 4066bf 914->916 917 40573e-40574a lstrlenW 914->917 916->917 919 405767-40576b 917->919 920 40574c-40575c lstrlenW 917->920 922 40577a-40577e 919->922 923 40576d-405774 SetWindowTextW 919->923 920->915 921 40575e-405762 lstrcatW 920->921 921->919 924 405780-4057c2 SendMessageW * 3 922->924 925 4057c4-4057c6 922->925 923->922 924->925 925->915 926 4057c8-4057cb 925->926 926->915
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000,?), ref: 0040573F
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(004030AD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000), ref: 0040574F
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00421F28,004030AD,004030AD,00421F28,00000000,00000000,00000000), ref: 00405762
                                                                                                                                                                                                                  • SetWindowTextW.USER32(00421F28,00421F28), ref: 00405774
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040579A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057B4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004057C2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2531174081-0
                                                                                                                                                                                                                  • Opcode ID: 478899543bd82950d8a4d30903f75c7e93d106f960787587e0f6081d0d83e678
                                                                                                                                                                                                                  • Instruction ID: 0122bdc4cc194b68d617bf21deccaf32741d68d09ea49b6ef8aede989cb0ca1f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 478899543bd82950d8a4d30903f75c7e93d106f960787587e0f6081d0d83e678
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9219D71900618FACF119FA5DD84ACFBFB9EF45364F10843AF904B62A0C7794A419FA8
                                                                                                                                                                                                                  Function 00402955 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A0B
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A1E
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                                                                                                  • Opcode ID: e87de96bbd71c1e1edc78fd35789a185f22983ee2d9bad77d4c7310a6a5a9276
                                                                                                                                                                                                                  • Instruction ID: 0665ed67c6e74a6a0a4f3ff5189880cf350c83190f31c90c7548f1ee6fedf688
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e87de96bbd71c1e1edc78fd35789a185f22983ee2d9bad77d4c7310a6a5a9276
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5731CF71D00124BBCF21AFA5CD89D9E7EB9AF48364F10023AF511762E1CB794C429B98
                                                                                                                                                                                                                  Function 00404EAE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 963 404eae-404ec5 964 404ed2-404edd 963->964 965 404ec7-404ed0 963->965 967 404ee5-404eeb 964->967 968 404edf-404ee4 964->968 966 404f20-404f74 call 4066bf * 3 lstrlenW wsprintfW SetDlgItemTextW 965->966 969 404ef2-404ef8 967->969 970 404eed-404ef1 967->970 968->967 972 404f07-404f1e 969->972 973 404efa-404f05 969->973 970->969 972->966 973->972
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00422F48,00422F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F4F
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404F58
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00422F48), ref: 00404F6B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                  • String ID: %u.%u%s%s$H/B
                                                                                                                                                                                                                  • API String ID: 3540041739-2222257793
                                                                                                                                                                                                                  • Opcode ID: 701484786e9e788ccce1f8e608fe17be4446b7c9895a13b6126df495f4584910
                                                                                                                                                                                                                  • Instruction ID: 614c6b03a1206c52a907a8f7c7d2435543e043070c0789599254521b237785a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 701484786e9e788ccce1f8e608fe17be4446b7c9895a13b6126df495f4584910
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D911D5336041287BDB00666D9C45E9E329CEB85374F254637FA25F31D1EA79C82282E8
                                                                                                                                                                                                                  Function 00406A06 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 979 406a06-406a26 GetSystemDirectoryW 980 406a28 979->980 981 406a2a-406a2c 979->981 980->981 982 406a3d-406a3f 981->982 983 406a2e-406a37 981->983 985 406a40-406a73 wsprintfW LoadLibraryExW 982->985 983->982 984 406a39-406a3b 983->984 984->985
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406A1D
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00406A58
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A6C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                  • String ID: %s%S.dll$UXTHEME
                                                                                                                                                                                                                  • API String ID: 2200240437-1106614640
                                                                                                                                                                                                                  • Opcode ID: bea2c3dfad6db3553b24c87bd1a60070de232aee380c5cee9c100d0800ee2260
                                                                                                                                                                                                                  • Instruction ID: 2238e0f1a46f5e25e3951852f43a11dddaa5b7c7f32292af2b6637a080077407
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bea2c3dfad6db3553b24c87bd1a60070de232aee380c5cee9c100d0800ee2260
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFF0FC30601119A7CB14BB68DD0EFAB375C9B01704F10847AA646F10D0EB789664CF98
                                                                                                                                                                                                                  Function 00401D86 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9F
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00401DEA
                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E3E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                                  • Opcode ID: 5409701174cc037821a308746f1ef467676f72fb6d339cbf159e8a6e8e9d4097
                                                                                                                                                                                                                  • Instruction ID: 305ae2269dae07fc62aa10ca295236b4d3f8ba7b944ef9ab65218e6e9e6ea469
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5409701174cc037821a308746f1ef467676f72fb6d339cbf159e8a6e8e9d4097
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE210772A04119AFCB15DF98DE45AEEBBB5EF08304F14003AF945F62A0D7789D81DB98
                                                                                                                                                                                                                  Function 00401C48 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                  • Opcode ID: 483d17516720e2e8ab10c88a8952f1e8a1428c38e87ce861c3d636333663c13f
                                                                                                                                                                                                                  • Instruction ID: 6f1bda49a4997cd21eb3df4025a59d3ac8dc5d95b16fa6faa4f7de2005ea5abe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 483d17516720e2e8ab10c88a8952f1e8a1428c38e87ce861c3d636333663c13f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57219C7191421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941CB98
                                                                                                                                                                                                                  Function 004061A1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004061BF
                                                                                                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403643,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F), ref: 004061DA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                  • API String ID: 1716503409-678247507
                                                                                                                                                                                                                  • Opcode ID: ca4f867381b256d976a036b4ee2479ffffcb38332db50c9e5a73bf50e74bc53e
                                                                                                                                                                                                                  • Instruction ID: d5af49f5aac0e4cb02feadf6e990f33ccb34da23aa7fbf3522b8764b63faf6c0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca4f867381b256d976a036b4ee2479ffffcb38332db50c9e5a73bf50e74bc53e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90F09076701204BFEB008F59DD05E9EB7BCEBA5710F11803EF901F7240E6B49A648764
                                                                                                                                                                                                                  Function 004020DD Relevance: 6.1, APIs: 4, Instructions: 73libraryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402108
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402119
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00000400,?,0040CE58,0040A000,?,00000008,00000001,000000F0), ref: 00402169
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000,?), ref: 0040573F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(004030AD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000), ref: 0040574F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrcatW.KERNEL32(00421F28,004030AD,004030AD,00421F28,00000000,00000000,00000000), ref: 00405762
                                                                                                                                                                                                                    • Part of subcall function 00405707: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405774
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040579A
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057B4
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057C2
                                                                                                                                                                                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402196
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 719239633-0
                                                                                                                                                                                                                  • Opcode ID: 0e58598c2f9ae47e5a6e67c0a92ee9ccd6ff60eaefc91402cb151b79fdbf8016
                                                                                                                                                                                                                  • Instruction ID: d5d67dfdf4745362115819af7549d82072a8f7f049e0964222285d8f4f4a232d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e58598c2f9ae47e5a6e67c0a92ee9ccd6ff60eaefc91402cb151b79fdbf8016
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED215031904108EADF11AFA5CE49A9E7A71FF44359F20413BF201B91E1CBBD8982AA5D
                                                                                                                                                                                                                  Function 00403C62 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B95,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403C74
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B95,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403C88
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C67
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\, xrefs: 00403C98
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsgCBE2.tmp\
                                                                                                                                                                                                                  • API String ID: 2962429428-696241470
                                                                                                                                                                                                                  • Opcode ID: aee73ed6a062803200b229e34675cefdb9ab84dda1d90898f0442dcc956d8ee4
                                                                                                                                                                                                                  • Instruction ID: 8c071fc62b7e332c461b44292a81ac7d95f2e272703a36c0b89becc6b1ca42eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aee73ed6a062803200b229e34675cefdb9ab84dda1d90898f0442dcc956d8ee4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9E04F3140471896D5246F78AE4E9853A185F41335B248326F078F21F0C738995A5AA9
                                                                                                                                                                                                                  Function 004015C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00405FFC: CharNextW.USER32(?,?,C:\,?,00406070,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 0040600A
                                                                                                                                                                                                                    • Part of subcall function 00405FFC: CharNextW.USER32(00000000), ref: 0040600F
                                                                                                                                                                                                                    • Part of subcall function 00405FFC: CharNextW.USER32(00000000), ref: 00406027
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F
                                                                                                                                                                                                                    • Part of subcall function 00405BD6: CreateDirectoryW.KERNELBASE(0042C800,?), ref: 00405C18
                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Program Files\Notepad++\contextMenu,?,00000000,000000F0), ref: 00401652
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Program Files\Notepad++\contextMenu, xrefs: 00401645
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                  • String ID: C:\Program Files\Notepad++\contextMenu
                                                                                                                                                                                                                  • API String ID: 1892508949-2319078101
                                                                                                                                                                                                                  • Opcode ID: 819307c6679f9532c6b034fcbe803abd1b19c06554d53736e038738204d93c7a
                                                                                                                                                                                                                  • Instruction ID: 68e4a3e0657f1f56d5d8600c1d99eb964219fead50354605c61944b677c9a350
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 819307c6679f9532c6b034fcbe803abd1b19c06554d53736e038738204d93c7a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD11BE31404214ABCF20AFB5CD0099F36B0EF04368B25493FE946B22F1DA3E4A819B5E
                                                                                                                                                                                                                  Function 00406059 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00406682: lstrcpynW.KERNEL32(?,?,00000400,004037B7,00428A60,NSIS Error,?,00000008,0000000A,0000000C), ref: 0040668F
                                                                                                                                                                                                                    • Part of subcall function 00405FFC: CharNextW.USER32(?,?,C:\,?,00406070,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 0040600A
                                                                                                                                                                                                                    • Part of subcall function 00405FFC: CharNextW.USER32(00000000), ref: 0040600F
                                                                                                                                                                                                                    • Part of subcall function 00405FFC: CharNextW.USER32(00000000), ref: 00406027
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 004060B2
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0), ref: 004060C2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 3248276644-3404278061
                                                                                                                                                                                                                  • Opcode ID: 8ac32a27a18f4c2dd493eafaed9bce6c13b36ca5a95e32c2f60d88480e43d1b4
                                                                                                                                                                                                                  • Instruction ID: c6e62d849c1808a59ce2984a64bb42424f7e4e7bb9f9a1371c2689eace45329e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ac32a27a18f4c2dd493eafaed9bce6c13b36ca5a95e32c2f60d88480e43d1b4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17F04426144E6219D632723A0C05EAF26148F82354B57463FF853B22D1DF3C8D62C17E
                                                                                                                                                                                                                  Function 0040567B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 004056AA
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004056FB
                                                                                                                                                                                                                    • Part of subcall function 0040464D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040465F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                  • Opcode ID: 566dc257d6ecfccfd9b8870a3abbf6eef49955a94d49fdbfe0e36d929d226f84
                                                                                                                                                                                                                  • Instruction ID: 56d6425d582badedfe6e85af8287ead15e3733fa9de593adb61ce7d3cc062d63
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 566dc257d6ecfccfd9b8870a3abbf6eef49955a94d49fdbfe0e36d929d226f84
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1601B131101608ABDF205F41DE80AAF3A39EB84754F90483BF509761D0D77B8C929E6D
                                                                                                                                                                                                                  Function 00406550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNELBASE(?,00000000,00000000,00421F28,?,00000800,00000000,?,00421F28,?,?,Remove folder: ,?,00000000,004067C1,80000002), ref: 00406596
                                                                                                                                                                                                                  • RegCloseKey.KERNELBASE(?), ref: 004065A1
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                  • String ID: Remove folder:
                                                                                                                                                                                                                  • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                  • Instruction ID: 225dfe442f4fc2e839130f584d2f70a73ee2f61c7405cac2e0d59c7fe544a8ff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39017172510209FEDF218F55DD05EDB3BE8EB54364F014035FD1592190E738D968DBA4
                                                                                                                                                                                                                  Function 004071D5 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5aa4d090f2ad8984d83f4f4e641c2e75da78772a5538c6e641319c1bffeb23fb
                                                                                                                                                                                                                  • Instruction ID: 5108979c3f50e514b4d7e1fb6dd8ed840f295859cf3be547aab63c341a9fbe83
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5aa4d090f2ad8984d83f4f4e641c2e75da78772a5538c6e641319c1bffeb23fb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8BA14471E04228DBDF28CFA8C8446ADBBB1FF44305F14856AD856BB281C7786A86DF45
                                                                                                                                                                                                                  Function 004073D6 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 8d5ea1f57b3c7a51107eeb32950adad6d0a1e952e0bb086014bf19e576e1a16a
                                                                                                                                                                                                                  • Instruction ID: e1ca38fbe1868b0530a5cca2aefb0608b46060051e5a62990b8a86f9073b7715
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d5ea1f57b3c7a51107eeb32950adad6d0a1e952e0bb086014bf19e576e1a16a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61912370D04228CBDF28CF98C8547ADBBB1FF44305F14856AD856BB291C778AA86DF45
                                                                                                                                                                                                                  Function 004070EC Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 2a4d9994a082143c1c144eb36683b4c65f38247d7a35d367480abefccda07661
                                                                                                                                                                                                                  • Instruction ID: c8babd12d4b9043659ede3bd230c10fd4be49189821a01af26e4b19fb55261c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a4d9994a082143c1c144eb36683b4c65f38247d7a35d367480abefccda07661
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1813571D04228DBDF24CFA8C8847ADBBB1FF44305F24856AD456BB281C778AA86DF45
                                                                                                                                                                                                                  Function 00406BF1 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b14ce6b3d8018a6f0b050b5be2694dad1ee6778a4c7b40431f4b258f42aa93ca
                                                                                                                                                                                                                  • Instruction ID: 70604387997e4686e0750d9790b47f8334db0f7ece30ebb4bbc07469160fd387
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b14ce6b3d8018a6f0b050b5be2694dad1ee6778a4c7b40431f4b258f42aa93ca
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4816571D04228DBDF24CFA8C8447ADBBB0FF44315F20856AD856BB281C7786A86DF45
                                                                                                                                                                                                                  Function 0040703F Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e36820fe09b78ea4b76e3bf6ab2fb301930f737046964227b4143800bf5a8c7d
                                                                                                                                                                                                                  • Instruction ID: 95d77a19c0962547fc3f67c13c4944abdc30b9b20558c44938f244593de0d4a6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e36820fe09b78ea4b76e3bf6ab2fb301930f737046964227b4143800bf5a8c7d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49713471D04228CBDF24CFA8C8847ADBBB1FF48305F15806AD856BB281C7386986DF45
                                                                                                                                                                                                                  Function 0040715D Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 06ef8f5a1822f0b757ae31e3b83f809751af444a1e9c2dfe7d230d3dce02f925
                                                                                                                                                                                                                  • Instruction ID: 33b9de73c5357426475d1ecb6718d507a7f793f52192090568aa5f1be2fe3f26
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06ef8f5a1822f0b757ae31e3b83f809751af444a1e9c2dfe7d230d3dce02f925
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8714671E04228CBDF28CF98C8847ADBBB1FF44305F15856AD856BB281C7786986DF45
                                                                                                                                                                                                                  Function 004070A9 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cfd14bdf320e39a62d2c2df30edf7cb1e1c63a24431ff8987f761f3d68dc011c
                                                                                                                                                                                                                  • Instruction ID: eebb37c65e2131d6119e05978ba22ffeb7e1a1a57c5d17d20a151e235b5fbeda
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfd14bdf320e39a62d2c2df30edf7cb1e1c63a24431ff8987f761f3d68dc011c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD714771E04228DBEF28CF98C8447ADBBB1FF44305F15816AD856BB281C7786A86DF45
                                                                                                                                                                                                                  Function 0040347E Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                    • Part of subcall function 004035FD: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032FB,?), ref: 0040360B
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A8,00000004,00000000,00000000,?,?,00403322,000000FF,00000000,00000000,00008001,?), ref: 004034C5
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(017071BC,00000000,00000000,00414EF0,00004000,?,00000000,004033A8,00000004,00000000,00000000,?,?,00403322,000000FF,00000000), ref: 004035C0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointer$CountTick
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1092082344-0
                                                                                                                                                                                                                  • Opcode ID: 1344b17e1481b80582bdb0ed23b8c3804af25e72a501c03e477dd398e9b7707c
                                                                                                                                                                                                                  • Instruction ID: 0007fe48f9bd4e0bdf6fbdcb7c574e60e63cda3bf49c02497359f5fe5cde5340
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1344b17e1481b80582bdb0ed23b8c3804af25e72a501c03e477dd398e9b7707c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7319172600215EBC7309F29EE848163BADF744356755023BE501B26F1CBB5AE42DB9D
                                                                                                                                                                                                                  Function 00401BA0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00401C10
                                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C22
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                                                                                                  • String ID: 11386
                                                                                                                                                                                                                  • API String ID: 3394109436-3975973700
                                                                                                                                                                                                                  • Opcode ID: dc8853be1138b779fa27739f63eb55e8c503a151d57956236f417371b8924568
                                                                                                                                                                                                                  • Instruction ID: 755843c12eef3f61fe3821796784c52372e38f60d99e915cd62482290075d307
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc8853be1138b779fa27739f63eb55e8c503a151d57956236f417371b8924568
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D210872904254DBDB20FBA4CE84A5E73B8AB04718715093FF542F32D0C6B89C418BDD
                                                                                                                                                                                                                  Function 0040248F Relevance: 4.6, APIs: 3, Instructions: 64registrystringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0040B5F8,00000023,00000011,00000002), ref: 004024DA
                                                                                                                                                                                                                  • RegSetValueExW.KERNELBASE(?,?,?,?,0040B5F8,00000000,00000011,00000002), ref: 0040251A
                                                                                                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,0040B5F8,00000000,00000011,00000002), ref: 00402602
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2655323295-0
                                                                                                                                                                                                                  • Opcode ID: 81ef006f859429b00b9abcca35e4ab37611e0a05be3fd89d677ecc4b230cc336
                                                                                                                                                                                                                  • Instruction ID: be9c33e72f15a848a09509bfe82e7b73cbf05d8b6c9bfbfc98f7540490fedb8c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81ef006f859429b00b9abcca35e4ab37611e0a05be3fd89d677ecc4b230cc336
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26119D31900118AEEB10EFA5DE59EAEBAB4AB44318F10483FF404B61C0C7B88E019A58
                                                                                                                                                                                                                  Function 004025A3 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D6
                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E9
                                                                                                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,0040B5F8,00000000,00000011,00000002), ref: 00402602
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Enum$CloseValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 397863658-0
                                                                                                                                                                                                                  • Opcode ID: 1aa1fa7e03e2e2959eb586d87eebd4f1bf9c881af8c1af7dd23a9f1ed0155e9b
                                                                                                                                                                                                                  • Instruction ID: 0e7c906900fe31acaf330cad7c7adc7318663c551a7f251ed3955534a0ac5e15
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1aa1fa7e03e2e2959eb586d87eebd4f1bf9c881af8c1af7dd23a9f1ed0155e9b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D017171904205ABEB149F949E58AAF7678FF40308F10443EF505B61C0DBB84E41976D
                                                                                                                                                                                                                  Function 00405D46 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040614D: GetFileAttributesW.KERNELBASE(?,?,00405D52,?,?,00000000,00405F28,?,?,?,?), ref: 00406152
                                                                                                                                                                                                                    • Part of subcall function 0040614D: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406166
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F28), ref: 00405D61
                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,?,00000000,00405F28), ref: 00405D69
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D81
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1655745494-0
                                                                                                                                                                                                                  • Opcode ID: dd2cb9d4d09abd673c60ba1604a9489d115b5ba734863609cc63878b625e133a
                                                                                                                                                                                                                  • Instruction ID: 0acf37a9ee2f512ac47c7e2529245a08ad8f268b0df6a501057d50d42e73d58e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd2cb9d4d09abd673c60ba1604a9489d115b5ba734863609cc63878b625e133a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EE06531505A915AC3205B359E0CA6B2998DF86364F198D3BFCA2B11D0DB78884A8A7D
                                                                                                                                                                                                                  Function 00406B21 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406B32
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B47
                                                                                                                                                                                                                  • GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B54
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2567322000-0
                                                                                                                                                                                                                  • Opcode ID: 8ff07581d1a9b179a96ae9e6ed15c74e4a8339333c72220da53f642c9193dd0c
                                                                                                                                                                                                                  • Instruction ID: 81827f21470b180ac16ec44fd3a93238b7e84efd63ad9428fc6c7e52b3791a69
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ff07581d1a9b179a96ae9e6ed15c74e4a8339333c72220da53f642c9193dd0c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E09271600218BBDB10AB54CD01E9E7B6EDB45700F104037BA01B6190D6B1AE62DA94
                                                                                                                                                                                                                  Function 004045DA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(00000408,?,00000000,00404239), ref: 004045F8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                  • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                  • Opcode ID: 34ad5c192e5d80e2fe056780cfb85f1ec76c14c93851ac1ed3029142a8fbf0ee
                                                                                                                                                                                                                  • Instruction ID: 1e17544944463ae5bb293f72ea26130dcd5d26336f020a66c2857455563892aa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34ad5c192e5d80e2fe056780cfb85f1ec76c14c93851ac1ed3029142a8fbf0ee
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BC01272280200BBDA205B00DE00F0A7B20A7A8702F10C43EF381200B48A705962DB0C
                                                                                                                                                                                                                  Function 00403376 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00008001,00000000,00000000,00000000,00000000,?,?,00403322,000000FF,00000000,00000000,00008001,?), ref: 0040339B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                  • Opcode ID: 3d500f412808721b8c87be071932eede801725a1d128c96ac4c777ed30e32dcd
                                                                                                                                                                                                                  • Instruction ID: 810e563441ec60ddb2e304251acab09d4dc6a46a8481b8ea59e7f14a092257d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d500f412808721b8c87be071932eede801725a1d128c96ac4c777ed30e32dcd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E231B170200209BFDB129F59DD44E9A3FA9EB04355F10843AF904EA191D3788E51DBA9
                                                                                                                                                                                                                  Function 0040252F Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402560
                                                                                                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,0040B5F8,00000000,00000011,00000002), ref: 00402602
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3356406503-0
                                                                                                                                                                                                                  • Opcode ID: fd1f55a540221de83200365c4b3a84b925a12d486a747a095f062a278a71ea17
                                                                                                                                                                                                                  • Instruction ID: 56becb9136408d6600d44ef8ee1fb8662aacbb8094ba5771dc16c944e9e3e358
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd1f55a540221de83200365c4b3a84b925a12d486a747a095f062a278a71ea17
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39116D71900219EADF14DFA0DA589AE77B4BF04349F20447FE406B62C0D7B84A45EB5D
                                                                                                                                                                                                                  Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                  • SendMessageW.USER32(0040A230,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 44422ec4cc38e602ea7d4d2f5f5b5ed5cf3abc39ac7d2c30bec0a520d1a14902
                                                                                                                                                                                                                  • Instruction ID: 4cdfa14fa51073ec67c7732ce5b449902c092ffb61bdcee16cd85da0f6320b18
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44422ec4cc38e602ea7d4d2f5f5b5ed5cf3abc39ac7d2c30bec0a520d1a14902
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F01F4327212209BE7295B389D05B6B3698E710354F10863FF855F6AF1DA78CC429B4C
                                                                                                                                                                                                                  Function 004057DA Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004057EA
                                                                                                                                                                                                                    • Part of subcall function 0040464D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040465F
                                                                                                                                                                                                                  • CoUninitialize.COMBASE(00000404,00000000), ref: 00405836
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2896919175-0
                                                                                                                                                                                                                  • Opcode ID: 6b48ba6f2f212ba91ce3a94f30354a0bb9d691122d035e2291a9dc674f3f10d0
                                                                                                                                                                                                                  • Instruction ID: 47b15979fd2771e4c3211fb1205fa32a21028b5b356e028cb2016eb217598776
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b48ba6f2f212ba91ce3a94f30354a0bb9d691122d035e2291a9dc674f3f10d0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EF09073A006009AEB116B54AE01B6B77A4FBD4705F05843AEE84632A1DB794C128B9D
                                                                                                                                                                                                                  Function 00405BD6 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(0042C800,?), ref: 00405C18
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405C26
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                                  • Opcode ID: cc352e270a5c7d66bac2c8a7d463e84c1d5eb2dce2c10117675193e318c6cc25
                                                                                                                                                                                                                  • Instruction ID: c951f985784cdd1ce4bfd292213bf749a6eab04c72170860fc3503b4537cd402
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc352e270a5c7d66bac2c8a7d463e84c1d5eb2dce2c10117675193e318c6cc25
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67F0F4B0C04209DAEB00CFA4D9487EFBBB4FB04309F00842AD541B6281DBB882488BA9
                                                                                                                                                                                                                  Function 00401EE3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401F01
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 00401F0C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallbackDispatcherShowUserWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 82835404-0
                                                                                                                                                                                                                  • Opcode ID: e71b3bef9a7347d56b22a1e3c7199424ba3be51bd6214eded3b02fb52fbfecb5
                                                                                                                                                                                                                  • Instruction ID: 99d32efd9b9f8a439a1184072f6026db0cabc6289a8b638da3b277831c2de48d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e71b3bef9a7347d56b22a1e3c7199424ba3be51bd6214eded3b02fb52fbfecb5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60E09A36A082058FE705EBA8AE485AEB3B0EB40325B200A7FE041F11C0CBB84C00866C
                                                                                                                                                                                                                  Function 00405C65 Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405C8E
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405C9B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3712363035-0
                                                                                                                                                                                                                  • Opcode ID: dc4e0aa2a6e4d88c421582106c1d46ba955b2ae98b0244f92ff0ec2e2b298c3d
                                                                                                                                                                                                                  • Instruction ID: 40cf053be3b9956ee682ea3cdb0c0f8171e7446c395677da6238e6dd92eb787c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc4e0aa2a6e4d88c421582106c1d46ba955b2ae98b0244f92ff0ec2e2b298c3d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4E0BFB4600219BFFB109B64EE49F7B7B7CEB00648F418425BD14F2551D77498149A7C
                                                                                                                                                                                                                  Function 00406A76 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,00403755,0000000C,?,?,?,?,?,?,?,?), ref: 00406A88
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406AA3
                                                                                                                                                                                                                    • Part of subcall function 00406A06: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406A1D
                                                                                                                                                                                                                    • Part of subcall function 00406A06: wsprintfW.USER32 ref: 00406A58
                                                                                                                                                                                                                    • Part of subcall function 00406A06: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A6C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                                                                                                  • Opcode ID: 09a5520475afffee645b4664441d986c1138b09cf986c3d6b2a713b3520f987f
                                                                                                                                                                                                                  • Instruction ID: b294046d3e4dddd9dd595f306a5883e4a37f4b9faaa0bea25d2c73fe5553ab8f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09a5520475afffee645b4664441d986c1138b09cf986c3d6b2a713b3520f987f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFE08636704610AAD610BA709E48C6773A89F86710302C83FF546F6140D738DC32AA79
                                                                                                                                                                                                                  Function 00402C0A Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C19
                                                                                                                                                                                                                  • InvalidateRect.USER32(?), ref: 00402C29
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 909852535-0
                                                                                                                                                                                                                  • Opcode ID: 8aabf44aa8fcdc962e316a518aeb506cc0fc6c58e6ce3a97276e60daa433cf7b
                                                                                                                                                                                                                  • Instruction ID: 9696e40047693ec77232c0ecbd5c13fe8a7cca97b7493fe99950c9a199bf7ad6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aabf44aa8fcdc962e316a518aeb506cc0fc6c58e6ce3a97276e60daa433cf7b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4E0ECB2750148BFEB11DB94EE85DAEB7B9EB80355F00047EF201E10A0DB744D95DB28
                                                                                                                                                                                                                  Function 00403CBF Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNELBASE(?,74DF3420,00000000,74DF2EE0,00403C96,C:\Users\user\AppData\Local\Temp\,00403B95,?,?,00000008,0000000A,0000000C), ref: 00403CD9
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00403CE0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1100898210-0
                                                                                                                                                                                                                  • Opcode ID: e704acd8518f49a3d0a2a92ec4fe53f1bbfd132e4ce3dbbc80dd62a742fa1b5c
                                                                                                                                                                                                                  • Instruction ID: 06a7773a87a6ebdea2446109ee2df03548a6e8c84e0f20f173c5af7110d7b553
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e704acd8518f49a3d0a2a92ec4fe53f1bbfd132e4ce3dbbc80dd62a742fa1b5c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17E0C2335440305BD6311F09EE0471AB7AC6F45B22F02802AE940BB2618BB81C434FCC
                                                                                                                                                                                                                  Function 00406172 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,00403118,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,80000000,00000003), ref: 00406176
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406198
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                  • Opcode ID: d28f21770be58fa8ab322e44db2ef64be76ab1399ecbb41bfd548adfe90c5e60
                                                                                                                                                                                                                  • Instruction ID: be52236ca1bfc2e7009fe271a1dfd41440a2a0d1ebc26b2cb4c8630358080456
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d28f21770be58fa8ab322e44db2ef64be76ab1399ecbb41bfd548adfe90c5e60
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30D09E31254301EFFF098F20DE16F2EBAA2EB94B00F11952CB682941E0DA715819DB15
                                                                                                                                                                                                                  Function 0040614D Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00405D52,?,?,00000000,00405F28,?,?,?,?), ref: 00406152
                                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406166
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                  • Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
                                                                                                                                                                                                                  • Instruction ID: c2cf34f9040e51e437c363cb0e130cc408ba31f940be0e29863539f2f5e5855d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34D0C976504220AFC2102728AE0889BBB55DB552717028A35F8A9A22B0CB314C6A8694
                                                                                                                                                                                                                  Function 00405C30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00403638,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 00405C36
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405C44
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                                  • Opcode ID: 713f00ffaa2578e3ba1d99e04a2fab42aad7341dbc9e3b83e2e07bf738d273a4
                                                                                                                                                                                                                  • Instruction ID: 9ee767d7bb24d12ef4013e29ffdbd8bf560f6e5ed3fd997729cc5c4a92c9c995
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 713f00ffaa2578e3ba1d99e04a2fab42aad7341dbc9e3b83e2e07bf738d273a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4EC08C30208601DAEA040B30DE08F073A50BB00340F214439A082E40A4CA308004CD2D
                                                                                                                                                                                                                  Function 00402896 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028B4
                                                                                                                                                                                                                    • Part of subcall function 004065C9: wsprintfW.USER32 ref: 004065D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointerwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 327478801-0
                                                                                                                                                                                                                  • Opcode ID: be6f6e28811eff9f61e37437ffce11e37693180493ed76b7cb4b0af79cd2cf68
                                                                                                                                                                                                                  • Instruction ID: a9a910f18d9475f192186a99a32baa3f0737176f8f71227260f04108cb8f5765
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be6f6e28811eff9f61e37437ffce11e37693180493ed76b7cb4b0af79cd2cf68
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEE06D71A04108BFDB01ABA5BE499AEB3B9EB44354B20483FF102B00C8CA784D119A2D
                                                                                                                                                                                                                  Function 004028E3 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,?,?), ref: 004028F7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileFindNext
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2029273394-0
                                                                                                                                                                                                                  • Opcode ID: 401329ef6e5678a8245bb7f05972d0dd7e29564f00aced7edf85da3e34e55ae5
                                                                                                                                                                                                                  • Instruction ID: 473c165911f75e28ccc6619a8506b26a35ad7b2b824692edad1139840d3140c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 401329ef6e5678a8245bb7f05972d0dd7e29564f00aced7edf85da3e34e55ae5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E065716041099FDB11DBE5DE589AF7378EF00348F20447FD502F21D0E7B98A559B19
                                                                                                                                                                                                                  Function 004023B7 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023EE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 390214022-0
                                                                                                                                                                                                                  • Opcode ID: cc309e7f02997b5e016163de44fe3fdddd8bf4d3fe64c06df27e2bc62d43203d
                                                                                                                                                                                                                  • Instruction ID: 95154b02373db31601182c66ccc42c3a1d246cd64da090b0d32e859a1de181fa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc309e7f02997b5e016163de44fe3fdddd8bf4d3fe64c06df27e2bc62d43203d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DE04F31900524BADB5036B15ECDDBE20685FC8318B14063FFA12B61C2D9FC0C43466D
                                                                                                                                                                                                                  Function 0040651D Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E5C,00000000,?,?), ref: 00406546
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                  • Opcode ID: b17b4e85cc10dff7c00d1995fa2300a068af545831f113dbcef6cd8b4d780b07
                                                                                                                                                                                                                  • Instruction ID: eb898ae1b777051f051c4ab58df26dcf4e878c8f9f4a5c47b005eb973d4bb03b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b17b4e85cc10dff7c00d1995fa2300a068af545831f113dbcef6cd8b4d780b07
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75E0E6B2010109BEEF095F50EC0AD7F371DE708710F11452EF906D4051E6B5E9309A39
                                                                                                                                                                                                                  Function 00406224 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00008001,00000000,00000000,00000000,00000000,0040CF86,0040CEF0,0040357E,0040CEF0,0040CF86,00414EF0,00004000,?,00000000,004033A8,00000004), ref: 00406238
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                  • Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                                                                                                                                                  • Instruction ID: 6296e445ee025582091cb162a3efd7a4c9b40fecddc6e186669f82422f4bfe72
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00E08C3221021AABDF10AE548C00EEB3B6CEB013A0F02447AFD16E3050D231E83097A9
                                                                                                                                                                                                                  Function 004061F5 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00008001,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035FA,00008001,00008001,004034FE,00414EF0,00004000,?,00000000,004033A8), ref: 00406209
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                  • Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                                                                                                                                                                                                  • Instruction ID: f029eba0d3a9f8ebddca737992f63761e7b4746d0aa70cfc26448402395c61e3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DE08632154119EBCF106E908C00EEB379CEF15350F014876F921E7440D230E8328FA4
                                                                                                                                                                                                                  Function 004023F9 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040242A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: PrivateProfileString
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1096422788-0
                                                                                                                                                                                                                  • Opcode ID: 979b3f2ec0bc23d324c76cc3db4c1f8da93b0e1d0eaca7bbe8bd823efade59bd
                                                                                                                                                                                                                  • Instruction ID: 816608b18dc0c520cd9a71caba4f9b5dbdb35d60be0fcf423de44464aa3a4457
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 979b3f2ec0bc23d324c76cc3db4c1f8da93b0e1d0eaca7bbe8bd823efade59bd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95E04F31800229BEDB00EFA0CD09DAD3678AF40304F00093EF510BB0D1E7FC49519749
                                                                                                                                                                                                                  Function 004064EF Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00421F28,00000000,00000000,?,?,00000000,?,0040657D,?,00421F28,?,?,Remove folder: ,?,00000000), ref: 00406513
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                                                                                                  • Opcode ID: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
                                                                                                                                                                                                                  • Instruction ID: 600eba3f25fec8fd2e0e76c9bf818d2d921b30b98e1649e5cb913c6f6c6f8cb9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ee5b0d2344bda13eae74e7442d869633e0228d129a7f9cdea9876c3f2a2c01f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DD0123600020DBBDF115E90ED01FAB3B5DAB08714F014826FE06A4091D775D530AB59
                                                                                                                                                                                                                  Function 00404601 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040461B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ItemText
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3367045223-0
                                                                                                                                                                                                                  • Opcode ID: 9f5f9317995870dd68fcf34551989b3f9c33a874f6e62bdf9e4bbf2fb329bfe5
                                                                                                                                                                                                                  • Instruction ID: 8c21c04aad66b2c33a7da01c0675a528dff03a4dd10ca87410b46fafe8cab324
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f5f9317995870dd68fcf34551989b3f9c33a874f6e62bdf9e4bbf2fb329bfe5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39C04C75148300FFE641A755CC42F1FB7ADEF94315F44D92EB55CA11E1C63584209A2A
                                                                                                                                                                                                                  Function 0040464D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040465F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: bbff93e8e7b6fbbde5b3e6835961aabe87c2407351212feb15be82645ba7347e
                                                                                                                                                                                                                  • Instruction ID: 8da91bbb186c2144be8ade9eda525c6e960391099661206c99069da2b113483a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbff93e8e7b6fbbde5b3e6835961aabe87c2407351212feb15be82645ba7347e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AC04C717402007BDA209B609E49F0777545790740F1448397241E50E0DA75E450DA1C
                                                                                                                                                                                                                  Function 00404636 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,00404461), ref: 00404644
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 7b4bfb7d8a9e2d5081e5309f0fc6290f036d11fbecd93854b33ee848cd02fe6a
                                                                                                                                                                                                                  • Instruction ID: d5eb2a856a333d3101ae379727e71f2b9456d74e3cdd14bb02a2274a242f0d94
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b4bfb7d8a9e2d5081e5309f0fc6290f036d11fbecd93854b33ee848cd02fe6a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DB09235280640AADE215B00DE09F867B66A7A4701F008438B240640B0CAB204A1DB08
                                                                                                                                                                                                                  Function 004035FD Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032FB,?), ref: 0040360B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                  • Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                                                                                                                                                                                  • Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D
                                                                                                                                                                                                                  Function 00404623 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,004043FA), ref: 0040462D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                  • Opcode ID: a1d13c5b68b43feb2506ad2660f88dc7f5461ef8ac70b9f67d62976f64309ddb
                                                                                                                                                                                                                  • Instruction ID: 1e4f5f38d13ad7c97f33cdc532a4b6885827051f8054e7174c13f2a159251e9b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1d13c5b68b43feb2506ad2660f88dc7f5461ef8ac70b9f67d62976f64309ddb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FA00176544900ABCA16AB50EF0980ABB72BBA8701B5288B9A285610348BB25821FB19
                                                                                                                                                                                                                  Function 00401FA9 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000,?), ref: 0040573F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(004030AD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000), ref: 0040574F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrcatW.KERNEL32(00421F28,004030AD,004030AD,00421F28,00000000,00000000,00000000), ref: 00405762
                                                                                                                                                                                                                    • Part of subcall function 00405707: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405774
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040579A
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057B4
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057C2
                                                                                                                                                                                                                    • Part of subcall function 00405C65: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405C8E
                                                                                                                                                                                                                    • Part of subcall function 00405C65: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405C9B
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FF0
                                                                                                                                                                                                                    • Part of subcall function 00406B21: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406B32
                                                                                                                                                                                                                    • Part of subcall function 00406B21: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B54
                                                                                                                                                                                                                    • Part of subcall function 004065C9: wsprintfW.USER32 ref: 004065D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2972824698-0
                                                                                                                                                                                                                  • Opcode ID: 39e01db4d7bb7e36a50763a21e61188ad72453b15c8a7f82b5d1bc3d0e99760e
                                                                                                                                                                                                                  • Instruction ID: ba3ed7a1875ec382e1b93905bcfefb33a8222a1057eccf936486356e32fab672
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39e01db4d7bb7e36a50763a21e61188ad72453b15c8a7f82b5d1bc3d0e99760e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48F06D32905125EBDB20BBE599C59DE76F59B00318F25413FE102B21E1CB7C4E459A6E
                                                                                                                                                                                                                  Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                  • Opcode ID: 7c2358abaa7b1b0cd1704e1e742c5bf4243424320bd872a7574f5a87f1a8b95f
                                                                                                                                                                                                                  • Instruction ID: 012154cd729be1abc0cb1ed032b41b568871c5ce383e2dc5326efd784f8d2483
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c2358abaa7b1b0cd1704e1e742c5bf4243424320bd872a7574f5a87f1a8b95f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71D05E73A142018BD710EBB8BE854AF73A8EA403193204C3BD142E1191E6788902861C

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 004062C8 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406463,?,?), ref: 00406303
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,004265E8,00000400), ref: 0040630C
                                                                                                                                                                                                                    • Part of subcall function 004060D7: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063BC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E7
                                                                                                                                                                                                                    • Part of subcall function 004060D7: lstrlenA.KERNEL32(00000000,?,00000000,004063BC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406119
                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 00406329
                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406347
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00426DE8,C0000000,00000004,00426DE8,?,?,?,?,?), ref: 00406382
                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406391
                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063C9
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004261E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 0040641F
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406430
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406437
                                                                                                                                                                                                                    • Part of subcall function 00406172: GetFileAttributesW.KERNELBASE(00000003,00403118,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,80000000,00000003), ref: 00406176
                                                                                                                                                                                                                    • Part of subcall function 00406172: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406198
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                  • String ID: %ls=%ls$[Rename]$eB$mB$mB
                                                                                                                                                                                                                  • API String ID: 2171350718-2529913679
                                                                                                                                                                                                                  • Opcode ID: db523023045b127196975f0173c88122861a3a00dd6e7a8812d5311d7169504c
                                                                                                                                                                                                                  • Instruction ID: 393dc7f902851ea198dcc63c4c4a9d42cf85fc1b4335f85fcc59b0ede2066cac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db523023045b127196975f0173c88122861a3a00dd6e7a8812d5311d7169504c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35313571600325BBD2206B29AD49F6B3A6CDF41744F17003AF902F62D3DA7CD82686BC
                                                                                                                                                                                                                  Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00428A60,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                  • Opcode ID: 9a1d1952d02a6587733a796de720c08d05f060e36ce2c67ddab1b612aed24319
                                                                                                                                                                                                                  • Instruction ID: 3c33d73dbc2ffdf14e434cca4ae815e9cfbd561affca8d3971a90777bf4c3be5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a1d1952d02a6587733a796de720c08d05f060e36ce2c67ddab1b612aed24319
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34418B71800249AFCF058FA5DE459AFBBB9FF45314F00802EF592AA1A0CB34DA55DFA4
                                                                                                                                                                                                                  Function 00406930 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403620,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 00406993
                                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004069A2
                                                                                                                                                                                                                  • CharNextW.USER32(?,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403620,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 004069A7
                                                                                                                                                                                                                  • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403620,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 004069BA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00406931
                                                                                                                                                                                                                  • "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe", xrefs: 00406974
                                                                                                                                                                                                                  • *?|<>/":, xrefs: 00406982
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                                  • String ID: "C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 589700163-3228555537
                                                                                                                                                                                                                  • Opcode ID: 7c4491ab095b24fecdd0000f8ec6f0e383ca7ce11269c465865605e120ff5cd6
                                                                                                                                                                                                                  • Instruction ID: f71de53da442769783aaa0cb2fea73a85be5ebad64e4744dd58b15c84f46a956
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c4491ab095b24fecdd0000f8ec6f0e383ca7ce11269c465865605e120ff5cd6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2211C8A580021295DB303B548D40B7766F8AF59790F56403FED96B3AC1E77C4C9282BD
                                                                                                                                                                                                                  Function 00404668 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00404685
                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 004046C3
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004046CF
                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 004046DB
                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004046EE
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004046FE
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404718
                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00404722
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                  • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                                                                                                                                                  • Instruction ID: a82f55cf926b6e885627a74f3bab1bdd796941bf972b84b6a5e459a8b365bc4c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C2177715007449BC7309F78DD48B577BF4AF42715B04893DEA96A36E0D738E944CB58
                                                                                                                                                                                                                  Function 004026F1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1
                                                                                                                                                                                                                    • Part of subcall function 00406253: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406269
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                  • String ID: 9
                                                                                                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                                                                                                  • Opcode ID: 92e9fc4a2bdedd92fae86453cef36d5fd9ef34bcac34679d19d253eb0147ccd2
                                                                                                                                                                                                                  • Instruction ID: 4accc3969fe2a7d0a9ccf1f8c11f2542f9fe60139f427c4dffc821b6e73cd172
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92e9fc4a2bdedd92fae86453cef36d5fd9ef34bcac34679d19d253eb0147ccd2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3510B75D0011AABDF24AF94CA84AAEBB79FF04344F10817BE901B62D0D7B49D828B58
                                                                                                                                                                                                                  Function 00403033 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000), ref: 0040304E
                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040306C
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 0040309A
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000,?), ref: 0040573F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrlenW.KERNEL32(004030AD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030AD,00000000), ref: 0040574F
                                                                                                                                                                                                                    • Part of subcall function 00405707: lstrcatW.KERNEL32(00421F28,004030AD,004030AD,00421F28,00000000,00000000,00000000), ref: 00405762
                                                                                                                                                                                                                    • Part of subcall function 00405707: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405774
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040579A
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057B4
                                                                                                                                                                                                                    • Part of subcall function 00405707: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057C2
                                                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 004030BE
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 004030CC
                                                                                                                                                                                                                    • Part of subcall function 00403017: MulDiv.KERNEL32(00042F81,00000064,00043017), ref: 0040302C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                  • String ID: ... %d%%
                                                                                                                                                                                                                  • API String ID: 722711167-2449383134
                                                                                                                                                                                                                  • Opcode ID: c844b91f24ced077c14a758bff1a62ed25a2b151bbc768ebfdb9d0a12ed3356e
                                                                                                                                                                                                                  • Instruction ID: 5115fc65002d889466af77c95cd87ea57bd417394e766d10746fa218fe5c3c06
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c844b91f24ced077c14a758bff1a62ed25a2b151bbc768ebfdb9d0a12ed3356e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA01C830642610E7CB31AF50AE09A6B3FACAB04706F64043BF441B11D9D6B85A51CF9D
                                                                                                                                                                                                                  Function 00404FBC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404FD7
                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404FDF
                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404FF9
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040500B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00405031
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                  • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                                                  • Instruction ID: f32abc49a7be06d84d864a503b70a66925f192d82b82ee1d40ead4c3c6165fb8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79015E31900218BADB00DBA4DD85BFFBBBCEF55711F10412BBA51B61D0D7B4AA058BA5
                                                                                                                                                                                                                  Function 00401E53 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00401E56
                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E70
                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E89
                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                                                                                                                  • API String ID: 3808545654-76309092
                                                                                                                                                                                                                  • Opcode ID: 0c77369168bd7cf80ce1876f53bc619ac932c7fdeb75926795b65e903bb74869
                                                                                                                                                                                                                  • Instruction ID: 3094fbe596e336cf4bf26b394f16fb1ed862d687e7810168c788cd964747d1d2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c77369168bd7cf80ce1876f53bc619ac932c7fdeb75926795b65e903bb74869
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74018871904240EFE7005BB4EE99BDD3FB4AF15301F20997AF581B62E2C6B904859BED
                                                                                                                                                                                                                  Function 00402F98 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00402FEA
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FFA
                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300C
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                  • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                  • Opcode ID: 66e00694bf9c2fcf5817c91216ca696d61ea9415c1ed8b1f40767934bfa15992
                                                                                                                                                                                                                  • Instruction ID: 34bde3d48a8f942e304b41271f5ed33cd318c4bcfffe3c394610842cbdf8d478
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66e00694bf9c2fcf5817c91216ca696d61ea9415c1ed8b1f40767934bfa15992
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10F0317054020CABEF249F60DD4ABEE3B68EB40349F00C03AF606B51D0DBB99A55DB99
                                                                                                                                                                                                                  Function 00402EAE Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F4E
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F6E
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1354259210-0
                                                                                                                                                                                                                  • Opcode ID: acaf4fc398a66893391ff6439948fdf9f5bbe1b70c5a8b97b274ab2e0b988985
                                                                                                                                                                                                                  • Instruction ID: 09cb529ade84319239dc5b50ebc61ba38ec7146c59f77be9acf979a475766563
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: acaf4fc398a66893391ff6439948fdf9f5bbe1b70c5a8b97b274ab2e0b988985
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD218B7150011ABFDF119F90CE89EEF7B7DEB10388F100076B949B11E0D7B48E54AA68
                                                                                                                                                                                                                  Function 00405FFC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CharNextW.USER32(?,?,C:\,?,00406070,C:\,C:\,74DF3420,?,74DF2EE0,00405DAE,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe"), ref: 0040600A
                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 0040600F
                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00406027
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                  • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                  • Opcode ID: fbda1c126528e77f8eb1d19cbf263a4f79599cb979c26f3e0093e3aefe43dd94
                                                                                                                                                                                                                  • Instruction ID: 6b36e5aaf6ec4384ffc5acae3f619c12edb839be27b3f0f06f1fa7befb24a934
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbda1c126528e77f8eb1d19cbf263a4f79599cb979c26f3e0093e3aefe43dd94
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00F0963198061595DE31F6584C45A7767BCDF55394B02807BE602B71C1D7B888E186DA
                                                                                                                                                                                                                  Function 00405F51 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403632,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 00405F57
                                                                                                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403632,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040392F,?,00000008,0000000A,0000000C), ref: 00405F61
                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405F73
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                  • API String ID: 2659869361-3081826266
                                                                                                                                                                                                                  • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                                                  • Instruction ID: a99b79add3f29df6de165ac7772d062030ca4d7d7db28986cd5f5f8a2b4e36b3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9D0A731101934AAC211AF548D04CDF639C9F463443414C3BF501B30A1CB7D6D6287FD
                                                                                                                                                                                                                  Function 00405F9D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00403141,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,80000000,00000003), ref: 00405FA3
                                                                                                                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00403141,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,C:\Users\user\Desktop\npp.8.6.7.Installer.x64.exe,80000000,00000003), ref: 00405FB3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                  • API String ID: 2709904686-224404859
                                                                                                                                                                                                                  • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                                                                                                                                                  • Instruction ID: 76a3089014cba6cdede5e63107dce03d3cc6699033e3804c636830b34c248568
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1D05EB2401921DAE3126B04DD00D9F63ACEF12300746482AE840E7161D77C5C8186AD
                                                                                                                                                                                                                  Function 004060D7 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063BC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E7
                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060FF
                                                                                                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,004063BC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406110
                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,004063BC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406119
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2033279849.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033243179.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033309957.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033340080.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2033609221.0000000000445000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_npp.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                                  • Opcode ID: 95544cd0fbc1c68b6442233ab1bb13ea59abf9e1bd9498eecabbd7b85e38d71d
                                                                                                                                                                                                                  • Instruction ID: 41d5ee4ea83cc4d308be6584820b02a87ee89e19241337121ce36a8d52a16fb8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95544cd0fbc1c68b6442233ab1bb13ea59abf9e1bd9498eecabbd7b85e38d71d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DF06235504418EFC702DBA9DD00D9EBFA8EF46350B2640B9E841FB211DA74DE11AB99

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 00007FF6E9C3FAC0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.2318940054.00007FF6E9841000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF6E9840000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2318900382.00007FF6E9840000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319288862.00007FF6E9C96000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319400670.00007FF6E9D92000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319445706.00007FF6E9D94000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319483167.00007FF6E9D96000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319519960.00007FF6E9D98000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319560146.00007FF6E9D9A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319597247.00007FF6E9D9B000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319633789.00007FF6E9D9C000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319670204.00007FF6E9D9E000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319704336.00007FF6E9DA3000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319704336.00007FF6E9DA8000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319784320.00007FF6E9DAA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000009.00000002.2319784320.00007FF6E9DFA000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ff6e9840000_notepad++.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                  • Opcode ID: 7af27f1ea5d123f55afeb0aa06697cf5c769a5e2869b7baa30c411b65287e35e
                                                                                                                                                                                                                  • Instruction ID: 3527174e6c68ef8dc8dc5eb0fe73a8b4254d8c92cf4174df1b5f653e9cf500df
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7af27f1ea5d123f55afeb0aa06697cf5c769a5e2869b7baa30c411b65287e35e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC115A22B55F028AEB00EF60E8543B833B4FB19B58F040E31DA6D867A4DF7CD1948340

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:3.8%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:5.3%
                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                  Total number of Limit Nodes:140
                                                                                                                                                                                                                  execution_graph 112828 7ffe004e3a9a 112829 7ffe004e3aa4 112828->112829 112831 7ffe004e3b4f 112828->112831 112829->112831 112842 7ffe004e3b1c 112829->112842 112830 7ffe004e3ba3 112832 7ffe004e3ca7 112830->112832 112833 7ffe004e3bb6 112830->112833 112831->112830 112857 7ffe004e38b4 112831->112857 112866 7ffe004cfbf0 112831->112866 112924 7ffe004cfad0 112831->112924 112984 7ffe004cfbf9 112831->112984 112836 7ffe004e3d61 112832->112836 112837 7ffe004e3cbe 112832->112837 112834 7ffe004e3c4f 112833->112834 112835 7ffe004e3bc0 112833->112835 112834->112857 113083 7ffe004e8d90 QueryPerformanceCounter GetTickCount 112834->113083 112840 7ffe004e3080 161 API calls 112835->112840 112835->112857 112843 7ffe004e3080 161 API calls 112836->112843 112836->112857 113084 7ffe004fbce0 86 API calls 112837->113084 112840->112857 112841 7ffe004e3cce 112847 7ffe004e3080 161 API calls 112841->112847 113059 7ffe004c0920 86 API calls _log10_special 112842->113059 112843->112857 112845 7ffe004ba860 10 API calls 112855 7ffe004e43fb 112845->112855 112848 7ffe004e3cee 112847->112848 112848->112857 113085 7ffe004fb000 89 API calls 112848->113085 112849 7ffe004e5200 88 API calls 112861 7ffe004e34fa 112849->112861 112850 7ffe004e3b2b 113060 7ffe004e3080 112850->113060 112853 7ffe004e3533 112855->112861 113086 7ffe004c0920 86 API calls _log10_special 112855->113086 112857->112845 112857->112861 112859 7ffe004c0920 86 API calls 112859->112861 112861->112849 112861->112853 112861->112859 112862 7ffe004e3080 161 API calls 112861->112862 113042 7ffe004e9050 112861->113042 113053 7ffe004ba860 112861->113053 113087 7ffe004fdc30 112861->113087 113093 7ffe004e1b10 86 API calls 112861->113093 112862->112861 112867 7ffe004cfc09 112866->112867 112869 7ffe004cfc46 112867->112869 113172 7ffe004df160 78 API calls 112867->113172 112873 7ffe004cfdd4 112869->112873 112875 7ffe004cfcae 112869->112875 112923 7ffe004cfd7d 112869->112923 113175 7ffe004d4fd0 137 API calls _vfwprintf_l 112869->113175 112873->112875 112873->112923 113176 7ffe004d4fd0 137 API calls _vfwprintf_l 112873->113176 112876 7ffe004cfd0b 112875->112876 112875->112923 113173 7ffe004df160 78 API calls 112875->113173 112880 7ffe004cfd6d 112876->112880 112876->112923 113174 7ffe004df160 78 API calls 112876->113174 112880->112923 113094 7ffe004d17d0 112880->113094 112881 7ffe004cfee7 112885 7ffe004cff2e 112881->112885 112886 7ffe004cff4e 112881->112886 112894 7ffe004d006b 112881->112894 112882 7ffe004cffa7 113178 7ffe004c0920 86 API calls _log10_special 112882->113178 112883 7ffe004cffc0 112888 7ffe004d004f 112883->112888 112893 7ffe004d000f 112883->112893 113177 7ffe004df160 78 API calls 112885->113177 112886->112923 113102 7ffe004c28d0 112886->113102 113180 7ffe004c0920 86 API calls _log10_special 112888->113180 112889 7ffe004cfea0 112889->112881 112889->112882 112889->112883 112889->112893 112889->112923 112893->112881 112900 7ffe004d0036 112893->112900 112894->112886 112895 7ffe004d00b0 112894->112895 112897 7ffe004d00d0 112894->112897 113182 7ffe004df160 78 API calls 112895->113182 113181 7ffe004df160 78 API calls 112897->113181 113179 7ffe004c0920 86 API calls _log10_special 112900->113179 112902 7ffe004d0183 112904 7ffe004d01c7 112902->112904 112902->112923 113183 7ffe004df160 78 API calls 112902->113183 112905 7ffe004c28d0 78 API calls 112904->112905 112904->112923 112906 7ffe004d0368 112905->112906 112906->112923 113114 7ffe004d2260 112906->113114 112908 7ffe004d03e9 112919 7ffe004d053a SimpleString::operator= 112908->112919 112908->112923 113184 7ffe004e64f0 77 API calls 112908->113184 112911 7ffe004d040c 112912 7ffe004d0412 112911->112912 112916 7ffe004d0464 112911->112916 113185 7ffe004c0920 86 API calls _log10_special 112912->113185 112914 7ffe004d055f 112914->112923 113128 7ffe004d1a70 112914->113128 112916->112919 112916->112923 113195 7ffe004df210 112916->113195 112919->112923 113124 7ffe004d0830 112919->113124 113186 7ffe00511550 112923->113186 112925 7ffe004cfb16 112924->112925 112980 7ffe004cfb2d 112925->112980 113312 7ffe004d2ef0 112925->113312 112927 7ffe00511550 _log10_special 8 API calls 112928 7ffe004d0458 112927->112928 112928->112830 112929 7ffe004cfb4a 112931 7ffe004cfc46 112929->112931 112929->112980 113322 7ffe004df160 78 API calls 112929->113322 112933 7ffe004cfdd4 112931->112933 112936 7ffe004cfcae 112931->112936 112931->112980 113325 7ffe004d4fd0 137 API calls _vfwprintf_l 112931->113325 112933->112936 112933->112980 113326 7ffe004d4fd0 137 API calls _vfwprintf_l 112933->113326 112935 7ffe004cfd0b 112940 7ffe004cfd6d 112935->112940 112935->112980 113324 7ffe004df160 78 API calls 112935->113324 112936->112935 112936->112980 113323 7ffe004df160 78 API calls 112936->113323 112938 7ffe004d17d0 113 API calls 112941 7ffe004cfea0 112938->112941 112940->112938 112940->112980 112942 7ffe004cfee7 112941->112942 112943 7ffe004cffa7 112941->112943 112944 7ffe004cffc0 112941->112944 112952 7ffe004d000f 112941->112952 112941->112980 112946 7ffe004cff2e 112942->112946 112953 7ffe004d006b 112942->112953 112960 7ffe004cff4e 112942->112960 113328 7ffe004c0920 86 API calls _log10_special 112943->113328 112948 7ffe004d004f 112944->112948 112944->112952 113327 7ffe004df160 78 API calls 112946->113327 113330 7ffe004c0920 86 API calls _log10_special 112948->113330 112949 7ffe004c28d0 78 API calls 112950 7ffe004d016a 112949->112950 112955 7ffe004d4880 78 API calls 112950->112955 112950->112980 112952->112942 112959 7ffe004d0036 112952->112959 112954 7ffe004d00b0 112953->112954 112956 7ffe004d00d0 112953->112956 112953->112960 113332 7ffe004df160 78 API calls 112954->113332 112962 7ffe004d0183 112955->112962 113331 7ffe004df160 78 API calls 112956->113331 113329 7ffe004c0920 86 API calls _log10_special 112959->113329 112960->112949 112960->112980 112964 7ffe004d01c7 112962->112964 112962->112980 113333 7ffe004df160 78 API calls 112962->113333 112965 7ffe004c28d0 78 API calls 112964->112965 112964->112980 112966 7ffe004d0368 112965->112966 112967 7ffe004d2260 87 API calls 112966->112967 112966->112980 112968 7ffe004d03e9 112967->112968 112979 7ffe004d053a SimpleString::operator= 112968->112979 112968->112980 113334 7ffe004e64f0 77 API calls 112968->113334 112969 7ffe004d0830 78 API calls 112974 7ffe004d055f 112969->112974 112971 7ffe004d040c 112972 7ffe004d0412 112971->112972 112976 7ffe004d0464 112971->112976 113335 7ffe004c0920 86 API calls _log10_special 112972->113335 112975 7ffe004d1a70 100 API calls 112974->112975 112974->112980 112978 7ffe004d0598 112975->112978 112977 7ffe004df210 78 API calls 112976->112977 112976->112979 112976->112980 112977->112979 112978->112980 112981 7ffe004e9050 153 API calls 112978->112981 112979->112969 112979->112980 112980->112927 112982 7ffe004d05de 112981->112982 112982->112980 112983 7ffe004c0a10 86 API calls 112982->112983 112983->112980 112985 7ffe004cfc09 112984->112985 112987 7ffe004cfc46 112985->112987 113339 7ffe004df160 78 API calls 112985->113339 112991 7ffe004cfdd4 112987->112991 112992 7ffe004cfd7d 112987->112992 112994 7ffe004cfcae 112987->112994 113342 7ffe004d4fd0 137 API calls _vfwprintf_l 112987->113342 112988 7ffe00511550 _log10_special 8 API calls 112990 7ffe004d0458 112988->112990 112990->112830 112991->112992 112991->112994 113343 7ffe004d4fd0 137 API calls _vfwprintf_l 112991->113343 112992->112988 112994->112992 112995 7ffe004cfd0b 112994->112995 113340 7ffe004df160 78 API calls 112994->113340 112995->112992 112999 7ffe004cfd6d 112995->112999 113341 7ffe004df160 78 API calls 112995->113341 112997 7ffe004d17d0 113 API calls 113008 7ffe004cfea0 112997->113008 112999->112992 112999->112997 113000 7ffe004cfee7 113004 7ffe004cff2e 113000->113004 113005 7ffe004cff4e 113000->113005 113013 7ffe004d006b 113000->113013 113001 7ffe004cffa7 113345 7ffe004c0920 86 API calls _log10_special 113001->113345 113002 7ffe004cffc0 113007 7ffe004d004f 113002->113007 113012 7ffe004d000f 113002->113012 113344 7ffe004df160 78 API calls 113004->113344 113005->112992 113009 7ffe004c28d0 78 API calls 113005->113009 113347 7ffe004c0920 86 API calls _log10_special 113007->113347 113008->112992 113008->113000 113008->113001 113008->113002 113008->113012 113010 7ffe004d016a 113009->113010 113010->112992 113015 7ffe004d4880 78 API calls 113010->113015 113012->113000 113019 7ffe004d0036 113012->113019 113013->113005 113014 7ffe004d00b0 113013->113014 113016 7ffe004d00d0 113013->113016 113349 7ffe004df160 78 API calls 113014->113349 113021 7ffe004d0183 113015->113021 113348 7ffe004df160 78 API calls 113016->113348 113346 7ffe004c0920 86 API calls _log10_special 113019->113346 113021->112992 113023 7ffe004d01c7 113021->113023 113350 7ffe004df160 78 API calls 113021->113350 113023->112992 113024 7ffe004c28d0 78 API calls 113023->113024 113025 7ffe004d0368 113024->113025 113025->112992 113026 7ffe004d2260 87 API calls 113025->113026 113027 7ffe004d03e9 113026->113027 113027->112992 113038 7ffe004d053a SimpleString::operator= 113027->113038 113351 7ffe004e64f0 77 API calls 113027->113351 113028 7ffe004d0830 78 API calls 113033 7ffe004d055f 113028->113033 113030 7ffe004d040c 113031 7ffe004d0412 113030->113031 113035 7ffe004d0464 113030->113035 113352 7ffe004c0920 86 API calls _log10_special 113031->113352 113033->112992 113034 7ffe004d1a70 100 API calls 113033->113034 113037 7ffe004d0598 113034->113037 113035->112992 113036 7ffe004df210 78 API calls 113035->113036 113035->113038 113036->113038 113037->112992 113039 7ffe004e9050 153 API calls 113037->113039 113038->112992 113038->113028 113040 7ffe004d05de 113039->113040 113040->112992 113041 7ffe004c0a10 86 API calls 113040->113041 113041->112992 113353 7ffe004faa00 113042->113353 113044 7ffe004e9179 113044->112861 113045 7ffe004e916c 113045->113044 113367 7ffe004e9620 80 API calls _log10_special 113045->113367 113046 7ffe004e906c 113046->113044 113046->113045 113048 7ffe004e909b 113046->113048 113356 7ff73e4cc440 113046->113356 113048->113045 113049 7ffe004e90eb 113048->113049 113050 7ffe004e90fe 113049->113050 113366 7ffe004c0920 86 API calls _log10_special 113049->113366 113050->112861 113054 7ffe004ba8a3 113053->113054 113056 7ffe004faa00 2 API calls 113054->113056 113058 7ffe004ba8ba 113054->113058 113055 7ffe00511550 _log10_special 8 API calls 113057 7ffe004ba97a 113055->113057 113056->113058 113057->112861 113058->113055 113059->112850 113061 7ffe004e30bb 113060->113061 113062 7ffe004e319b 113060->113062 113416 7ffe004b2700 113061->113416 113064 7ffe00511550 _log10_special 8 API calls 113062->113064 113065 7ffe004e31c3 113064->113065 113065->112857 113083->112857 113084->112841 113085->112857 113086->112861 113088 7ffe004fdc53 113087->113088 113089 7ffe004c0a10 86 API calls 113088->113089 113092 7ffe004fdcdb 113088->113092 113090 7ffe004fdcd3 113089->113090 113423 7ffe004b2350 113090->113423 113092->112861 113093->112861 113095 7ffe004d181a 113094->113095 113097 7ffe004d1803 113094->113097 113096 7ffe004d183f 113095->113096 113095->113097 113210 7ffe004c4d60 104 API calls memcpy_s 113095->113210 113096->112889 113097->113096 113099 7ffe004d191e 113097->113099 113211 7ffe004dd090 78 API calls 113097->113211 113099->113096 113212 7ffe004c0920 86 API calls _log10_special 113099->113212 113213 7ffe004df0a0 113102->113213 113104 7ffe004c28ed 113104->112923 113105 7ffe004d4880 113104->113105 113106 7ffe004d48d0 113105->113106 113107 7ffe004d4a6c SimpleString::operator= 113105->113107 113106->113107 113110 7ffe004d48dd 113106->113110 113108 7ffe004d4a55 113107->113108 113109 7ffe004c28d0 78 API calls 113107->113109 113108->112902 113109->113108 113110->113108 113217 7ffe00501e90 8 API calls _log10_special 113110->113217 113112 7ffe004c28d0 78 API calls 113112->113108 113113 7ffe004d498f SimpleString::operator= 113113->113108 113113->113112 113116 7ffe004d2291 113114->113116 113115 7ffe004d24c5 113115->112908 113119 7ffe004d22c2 113116->113119 113218 7ffe004bcbc0 87 API calls 113116->113218 113117 7ffe004c28d0 78 API calls 113117->113115 113119->113115 113119->113117 113120 7ffe004d2379 113120->113119 113120->113120 113121 7ffe004d250d 113120->113121 113122 7ffe004c28d0 78 API calls 113120->113122 113123 7ffe004c0a10 86 API calls 113121->113123 113122->113120 113123->113119 113125 7ffe004d085c 113124->113125 113126 7ffe004d0b37 113125->113126 113127 7ffe004c28d0 78 API calls 113125->113127 113126->112914 113127->113125 113129 7ffe004d1e4e 113128->113129 113130 7ffe004d1aaf 113128->113130 113136 7ffe004c28d0 78 API calls 113129->113136 113154 7ffe004d1ea7 113129->113154 113131 7ffe004d1c69 113130->113131 113132 7ffe004d1ac3 113130->113132 113133 7ffe004d1c72 113131->113133 113140 7ffe004d1cd0 113131->113140 113134 7ffe004d1ac9 113132->113134 113141 7ffe004d1b2e 113132->113141 113135 7ffe004d1b1c 113133->113135 113134->113135 113136->113154 113154->113135 113167 7ffe004df210 78 API calls 113154->113167 113171 7ffe004d1fa3 SimpleString::operator= 113154->113171 113167->113171 113171->113135 113172->112869 113173->112876 113174->112880 113175->112873 113176->112875 113177->112886 113178->112923 113179->112923 113180->112923 113181->112886 113182->112886 113183->112904 113184->112911 113185->112923 113187 7ffe00511559 113186->113187 113188 7ffe004d0458 113187->113188 113189 7ffe005115a4 IsProcessorFeaturePresent 113187->113189 113188->112830 113190 7ffe005115bc 113189->113190 113306 7ffe00511798 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 113190->113306 113192 7ffe005115cf 113307 7ffe00511570 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 113192->113307 113308 7ffe004dfd60 78 API calls 2 library calls 113195->113308 113197 7ffe004df243 113197->112919 113210->113097 113211->113099 113212->113096 113216 7ffe004dfd60 78 API calls 2 library calls 113213->113216 113215 7ffe004df0c5 113215->113104 113216->113215 113217->113113 113218->113120 113306->113192 113308->113197 113316 7ffe004d2f1b 113312->113316 113313 7ffe004d3044 113336 7ffe004df160 78 API calls 113313->113336 113314 7ffe004d312a 113338 7ffe004df160 78 API calls 113314->113338 113315 7ffe004d2ffa 113315->113313 113315->113314 113316->113315 113319 7ffe004d2fc6 memcpy_s 113316->113319 113321 7ffe004d307c 113316->113321 113319->113321 113337 7ffe004df160 78 API calls 113319->113337 113321->112929 113322->112931 113323->112935 113324->112940 113325->112933 113326->112936 113327->112960 113328->112980 113329->112980 113330->112980 113331->112960 113332->112960 113333->112964 113334->112971 113335->112980 113336->113321 113337->113321 113338->113321 113339->112987 113340->112995 113341->112999 113342->112991 113343->112994 113344->113005 113345->112992 113346->112992 113347->112992 113348->113005 113349->113005 113350->113023 113351->113030 113352->112992 113354 7ffe004faa4d GetTickCount 113353->113354 113355 7ffe004faa12 QueryPerformanceCounter 113353->113355 113354->113046 113355->113046 113357 7ff73e4cc474 Sleep 113356->113357 113358 7ff73e4cc488 SendMessageW 113356->113358 113357->113357 113357->113358 113360 7ff73e4cc4ac 113358->113360 113359 7ff73e4cc542 113368 7ff73e4ca160 113359->113368 113360->113359 113363 7ff73e4cc50d SendMessageW SendMessageW 113360->113363 113363->113359 113366->113050 113367->113044 113369 7ff73e4ca185 swprintf 113368->113369 113381 7ff73e5339a8 113369->113381 113372 7ff73e4ff880 113373 7ff73e4ff889 113372->113373 113374 7ff73e4cc598 113373->113374 113375 7ff73e4ffedc IsProcessorFeaturePresent 113373->113375 113374->113048 113376 7ff73e4ffef4 113375->113376 113414 7ff73e5000d0 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 113376->113414 113378 7ff73e4fff07 113415 7ff73e4ffea8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 113378->113415 113384 7ff73e533a02 113381->113384 113382 7ff73e533a27 113403 7ff73e5385ec 55 API calls _invalid_parameter_noinfo_noreturn 113382->113403 113384->113382 113385 7ff73e533a63 113384->113385 113404 7ff73e531400 58 API calls _invalid_parameter_noinfo_noreturn 113385->113404 113387 7ff73e533a51 113388 7ff73e533bc5 113387->113388 113411 7ff73e52dd14 55 API calls 2 library calls 113387->113411 113390 7ff73e533bdb 113388->113390 113412 7ff73e52dd14 55 API calls 2 library calls 113388->113412 113393 7ff73e4ff880 ctype 8 API calls 113390->113393 113391 7ff73e533b44 113394 7ff73e5434a4 __free_lconv_mon 11 API calls 113391->113394 113395 7ff73e4ca1a4 SetWindowTextW 113393->113395 113394->113387 113395->113372 113396 7ff73e533afe 113396->113391 113397 7ff73e533b19 113396->113397 113398 7ff73e533b6a 113396->113398 113401 7ff73e533b10 113396->113401 113405 7ff73e5434a4 113397->113405 113398->113391 113399 7ff73e533b74 113398->113399 113402 7ff73e5434a4 __free_lconv_mon 11 API calls 113399->113402 113401->113391 113401->113397 113402->113387 113403->113387 113404->113396 113406 7ff73e5434a9 RtlFreeHeap 113405->113406 113407 7ff73e5434da 113405->113407 113406->113407 113408 7ff73e5434c4 GetLastError 113406->113408 113407->113387 113409 7ff73e5434d1 __free_lconv_mon 113408->113409 113413 7ff73e53e2a8 11 API calls _get_daylight 113409->113413 113411->113388 113412->113390 113413->113407 113414->113378 113417 7ffe004b2730 113416->113417 113418 7ffe004b2715 113416->113418 113418->113417 113419 7ffe004b2724 113418->113419 113422 7ffe004c07f0 WaitForSingleObjectEx CloseHandle 113419->113422 113421 7ffe004b2729 113421->113417 113422->113421 113424 7ffe004b2810 113423->113424 113425 7ffe004b2828 EnterCriticalSection LeaveCriticalSection 113424->113425 113426 7ffe004b28af 113424->113426 113427 7ffe004b286b 113425->113427 113430 7ffe004b2861 113425->113430 113426->113092 113428 7ffe004b2879 113427->113428 113429 7ffe004b2871 113427->113429 113435 7ffe004b28d0 DeleteCriticalSection closesocket 113428->113435 113434 7ffe004c07f0 WaitForSingleObjectEx CloseHandle 113429->113434 113433 7ffe004b2897 closesocket 113430->113433 113433->113426 113434->113428 113435->113430 113436 7ff73e4cca70 113437 7ff73e4cca92 _Strcoll 113436->113437 113438 7ff73e4cd249 _LStrxfrm 113437->113438 113446 7ff73e4ccaf9 113437->113446 113451 7ff73e4ccac0 113437->113451 113439 7ff73e4cd23f 113438->113439 113443 7ff73e4cd26a lstrcmpW 113438->113443 113440 7ff73e4ff880 ctype 8 API calls 113439->113440 113445 7ff73e4cd2e2 113440->113445 113441 7ff73e4ccb24 113509 7ff73e4ff8a8 113441->113509 113449 7ff73e4cd27f ShellExecuteW EndDialog 113443->113449 113450 7ff73e4cd288 lstrcmpW 113443->113450 113444 7ff73e4ccae6 EndDialog 113444->113439 113446->113441 113447 7ff73e4ccb1e SetWindowTextW 113446->113447 113464 7ff73e4cd232 collate 113446->113464 113447->113441 113449->113439 113450->113439 113450->113449 113451->113438 113451->113439 113451->113444 113455 7ff73e4ccb6f collate 113456 7ff73e4d9fc0 99 API calls 113455->113456 113457 7ff73e4cd344 113455->113457 113461 7ff73e4ccbfb collate 113456->113461 113537 7ff73e5386d8 113457->113537 113460 7ff73e4cd338 113462 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113460->113462 113461->113460 113463 7ff73e4ff8a8 std::_Facet_Register 59 API calls 113461->113463 113508 7ff73e4cd09c collate 113461->113508 113465 7ff73e4cd33e 113462->113465 113466 7ff73e4ccc62 113463->113466 113562 7ff73e4cc300 SystemParametersInfoW GetWindowRect SetWindowPos 113464->113562 113565 7ff73e4c2700 59 API calls 2 library calls 113465->113565 113468 7ff73e4d9fc0 99 API calls 113466->113468 113467 7ff73e4cd2fd 113469 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113467->113469 113472 7ff73e4ccca9 collate 113468->113472 113471 7ff73e4cd302 113469->113471 113473 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113471->113473 113472->113471 113472->113508 113542 7ff73e4d5130 59 API calls _LStrxfrm 113472->113542 113477 7ff73e4cd308 113473->113477 113475 7ff73e4ccd3a 113543 7ff73e4d4fe0 113475->113543 113478 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113477->113478 113479 7ff73e4cd314 113478->113479 113480 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113479->113480 113481 7ff73e4cd31a 113480->113481 113485 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113481->113485 113482 7ff73e4ccdcc 113482->113465 113488 7ff73e4ff8a8 std::_Facet_Register 59 API calls 113482->113488 113483 7ff73e4ccd4a 113483->113465 113483->113477 113483->113482 113486 7ff73e4cce3d 113483->113486 113489 7ff73e4ccda6 _LStrxfrm 113483->113489 113487 7ff73e4cd320 113485->113487 113486->113489 113490 7ff73e4ff8a8 std::_Facet_Register 59 API calls 113486->113490 113491 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113487->113491 113488->113489 113489->113477 113548 7ff73e4cac70 59 API calls ctype 113489->113548 113490->113489 113493 7ff73e4cd326 113491->113493 113492 7ff73e4cce81 collate 113492->113479 113549 7ff73e4d5130 59 API calls _LStrxfrm 113492->113549 113496 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113493->113496 113495 7ff73e4ccf07 113497 7ff73e4d4fe0 59 API calls 113495->113497 113498 7ff73e4cd32c 113496->113498 113499 7ff73e4ccf18 113497->113499 113500 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113498->113500 113550 7ff73e4d46a0 113499->113550 113501 7ff73e4cd332 113500->113501 113505 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113501->113505 113503 7ff73e4ccf4d 113561 7ff73e4cac70 59 API calls ctype 113503->113561 113505->113460 113506 7ff73e4cd072 SetDlgItemTextW 113506->113508 113507 7ff73e4ccf62 collate 113507->113481 113507->113487 113507->113506 113508->113457 113508->113460 113508->113464 113508->113467 113508->113493 113508->113498 113508->113501 113512 7ff73e4ff8b3 113509->113512 113510 7ff73e4ccb35 113515 7ff73e4d9fc0 113510->113515 113512->113509 113512->113510 113566 7ff73e53a778 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 113512->113566 113567 7ff73e50016c 113512->113567 113571 7ff73e4c2700 59 API calls 2 library calls 113512->113571 113516 7ff73e4da00a 113515->113516 113533 7ff73e4d9ffa collate 113515->113533 113573 7ff73e4c3c50 113516->113573 113518 7ff73e4ff880 ctype 8 API calls 113521 7ff73e4da06d 113518->113521 113519 7ff73e4da016 113520 7ff73e4da080 113519->113520 113519->113533 113584 7ff73e4c3de0 59 API calls 5 library calls 113519->113584 113523 7ff73e4c3c50 59 API calls 113520->113523 113521->113455 113524 7ff73e4da095 113523->113524 113526 7ff73e4da0b8 std::_Throw_Cpp_error _Strcoll 113524->113526 113524->113533 113585 7ff73e4c3de0 59 API calls 5 library calls 113524->113585 113526->113533 113586 7ff73e4da6e0 113526->113586 113533->113518 113711 7ff73e538550 55 API calls 2 library calls 113537->113711 113539 7ff73e5386f1 113712 7ff73e538708 17 API calls _invalid_parameter_noinfo_noreturn 113539->113712 113542->113475 113544 7ff73e4d4ff3 113543->113544 113547 7ff73e4d5011 _LStrxfrm 113544->113547 113713 7ff73e4d5d80 59 API calls 5 library calls 113544->113713 113546 7ff73e4d5065 113546->113483 113547->113483 113548->113492 113549->113495 113551 7ff73e4d46d1 113550->113551 113552 7ff73e4d4715 113551->113552 113553 7ff73e4d477a 113551->113553 113558 7ff73e4d46f1 _LStrxfrm 113551->113558 113560 7ff73e4d47bf 113551->113560 113555 7ff73e4ff8a8 std::_Facet_Register 59 API calls 113552->113555 113552->113560 113557 7ff73e4ff8a8 std::_Facet_Register 59 API calls 113553->113557 113553->113558 113556 7ff73e4d4764 113555->113556 113556->113558 113559 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113556->113559 113557->113558 113558->113503 113559->113560 113714 7ff73e4c2700 59 API calls 2 library calls 113560->113714 113561->113507 113563 7ff73e4ff880 ctype 8 API calls 113562->113563 113564 7ff73e4cc3be 113563->113564 113564->113439 113565->113457 113566->113512 113568 7ff73e50017a std::bad_alloc::bad_alloc 113567->113568 113572 7ff73e528e7c RtlPcToFileHeader RaiseException 113568->113572 113570 7ff73e50018b 113571->113512 113572->113570 113574 7ff73e4c3da4 113573->113574 113578 7ff73e4c3c85 std::_Throw_Cpp_error _Strcoll collate 113573->113578 113575 7ff73e4ff880 ctype 8 API calls 113574->113575 113576 7ff73e4c3db8 113575->113576 113576->113519 113578->113574 113579 7ff73e4c3dd5 113578->113579 113581 7ff73e4c3dd0 113578->113581 113656 7ff73e4c59d0 59 API calls 5 library calls 113578->113656 113580 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113579->113580 113583 7ff73e4c3ddb 113580->113583 113582 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 113581->113582 113582->113579 113584->113519 113585->113524 113657 7ff73e500b68 113586->113657 113589 7ff73e4ff8a8 std::_Facet_Register 59 API calls 113590 7ff73e4da756 113589->113590 113668 7ff73e500754 113590->113668 113592 7ff73e4da776 113672 7ff73e500cd8 113592->113672 113656->113578 113658 7ff73e500754 std::_Lockit::_Lockit 6 API calls 113657->113658 113659 7ff73e500b8a 113658->113659 113667 7ff73e500bce _LStrxfrm 113659->113667 113683 7ff73e500d94 59 API calls std::_Facet_Register 113659->113683 113661 7ff73e500ba2 113684 7ff73e500dc4 56 API calls std::locale::_Setgloballocale 113661->113684 113664 7ff73e4da711 113664->113589 113665 7ff73e500bad 113665->113667 113685 7ff73e533f50 13 API calls 2 library calls 113665->113685 113679 7ff73e5007cc 113667->113679 113669 7ff73e500763 113668->113669 113670 7ff73e500768 113668->113670 113686 7ff73e53d69c 6 API calls std::_Lockit::_Lockit 113669->113686 113670->113592 113687 7ff73e53d9a4 89 API calls 2 library calls 113672->113687 113674 7ff73e500cf1 113688 7ff73e4da990 113674->113688 113676 7ff73e500d0b 113678 7ff73e500d1a 113676->113678 113692 7ff73e53d9a4 89 API calls 2 library calls 113676->113692 113680 7ff73e5007e0 113679->113680 113681 7ff73e5007d7 LeaveCriticalSection 113679->113681 113680->113664 113683->113661 113684->113665 113685->113667 113687->113674 113689 7ff73e4da9a8 113688->113689 113691 7ff73e4da9b2 _LStrxfrm 113688->113691 113689->113691 113693 7ff73e533f50 13 API calls 2 library calls 113689->113693 113691->113676 113692->113678 113693->113691 113711->113539 113713->113546 113714->113558 113715 7ff73e4cc830 113716 7ff73e4cc856 113715->113716 113717 7ff73e4cc849 113715->113717 113718 7ff73e4cc891 113717->113718 113721 7ff73e4cc851 113717->113721 113719 7ff73e4cc89b SetDlgItemTextW 113718->113719 113720 7ff73e4cc8bd 113718->113720 113719->113720 113723 7ff73e4cc8d3 113720->113723 113724 7ff73e4cc8c2 SetWindowTextW 113720->113724 113721->113716 113722 7ff73e4cc878 EndDialog 113721->113722 113725 7ff73e4cc300 11 API calls 113723->113725 113724->113723 113725->113716 113726 7ffe004b7e10 113727 7ffe004b7e1d 113726->113727 113728 7ffe004b7e30 113726->113728 113731 7ffe0050b550 113727->113731 113732 7ffe0050b57b 113731->113732 113733 7ffe004b7e23 113732->113733 113735 7ffe004b5da0 113732->113735 113736 7ffe004b5db6 113735->113736 113737 7ffe004b5dd3 113736->113737 113738 7ffe004eb1e0 19 API calls 113736->113738 113737->113733 113738->113737 113739 7ffe004b8290 113740 7ffe004b82cb 113739->113740 113748 7ffe004b82c3 113739->113748 113740->113748 113750 7ffe004b4bd0 113740->113750 113741 7ffe004b82e3 113742 7ffe004b8386 113741->113742 113744 7ffe004b82ee 113741->113744 113784 7ffe004b8c10 8 API calls _log10_special 113742->113784 113744->113748 113783 7ffe004b8c10 8 API calls _log10_special 113744->113783 113746 7ffe004b836c 113747 7ffe004faa00 2 API calls 113746->113747 113747->113748 113751 7ffe004b4bf0 113750->113751 113752 7ffe004b4c01 113750->113752 113751->113741 113753 7ffe004faa00 2 API calls 113752->113753 113754 7ffe004b4c13 113753->113754 113756 7ffe004c0ab0 86 API calls 113754->113756 113758 7ffe004b4c1c 113754->113758 113755 7ffe004b4c25 113762 7ffe004c0ab0 86 API calls 113755->113762 113757 7ffe004b4c62 113756->113757 113759 7ffe004b4c6c 113757->113759 113760 7ffe004b4caa 113757->113760 113758->113755 113766 7ffe004b4d28 113758->113766 113774 7ffe004b4d12 113758->113774 113813 7ffe004b56d0 QueryPerformanceCounter GetTickCount 113759->113813 113760->113758 113815 7ffe004b56d0 QueryPerformanceCounter GetTickCount 113760->113815 113761 7ffe004b4dce 113772 7ffe004b4ea5 113761->113772 113785 7ffe004c0ab0 113761->113785 113767 7ffe004b4f1d 113762->113767 113764 7ffe004b4c8a 113764->113758 113814 7ffe004e18f0 88 API calls 113764->113814 113765 7ffe004b4da9 113816 7ffe004b56d0 QueryPerformanceCounter GetTickCount 113765->113816 113766->113761 113766->113765 113777 7ffe004b4d97 113766->113777 113780 7ffe004b4e88 113766->113780 113767->113741 113772->113755 113773 7ffe004c0ab0 86 API calls 113772->113773 113773->113755 113775 7ffe004b5390 99 API calls 113774->113775 113775->113755 113776 7ffe004b4e0c 113776->113772 113778 7ffe004b4e2b 113776->113778 113779 7ffe004c0ab0 86 API calls 113777->113779 113799 7ffe004b5390 113778->113799 113779->113765 113817 7ffe004e18f0 88 API calls 113780->113817 113783->113746 113784->113748 113786 7ffe004c0b99 113785->113786 113789 7ffe004c0ab9 113785->113789 113786->113776 113787 7ffe004c0b89 113788 7ffe00511550 _log10_special 8 API calls 113787->113788 113788->113786 113789->113787 113790 7ffe004df210 78 API calls 113789->113790 113791 7ffe004c0b28 113790->113791 113818 7ffe004df3c0 78 API calls 113791->113818 113793 7ffe004c0b4d 113794 7ffe004c0b74 113793->113794 113795 7ffe004c0ba2 113793->113795 113819 7ffe004c0840 81 API calls 113794->113819 113820 7ffe00511678 8 API calls 113795->113820 113798 7ffe004c0ba7 113802 7ffe004b53db 113799->113802 113803 7ffe004b53c1 113799->113803 113800 7ffe004b5410 113801 7ffe004faa00 2 API calls 113800->113801 113806 7ffe004b5436 113801->113806 113802->113800 113805 7ffe004b8080 87 API calls 113802->113805 113803->113802 113826 7ffe004b8080 113803->113826 113805->113800 113807 7ffe004c0ab0 86 API calls 113806->113807 113808 7ffe004b5490 113807->113808 113809 7ffe004c0a10 86 API calls 113808->113809 113810 7ffe004b54e0 113809->113810 113821 7ffe004b7f40 113810->113821 113812 7ffe004b5509 113812->113755 113813->113764 113814->113758 113815->113758 113816->113761 113817->113761 113818->113793 113819->113787 113820->113798 113822 7ffe004b7fd5 113821->113822 113823 7ffe004b7f62 113821->113823 113822->113812 113824 7ffe004b7fb5 113823->113824 113830 7ffe004b60f0 113823->113830 113824->113812 113827 7ffe004b80d5 113826->113827 113828 7ffe004b8095 113826->113828 113827->113802 113828->113827 113896 7ffe004b5990 113828->113896 113831 7ffe004b6122 113830->113831 113839 7ffe004b629c 113830->113839 113833 7ffe004b618b getpeername 113831->113833 113831->113839 113851 7ffe004b621c 113831->113851 113832 7ffe00511550 _log10_special 8 API calls 113834 7ffe004b62f2 113832->113834 113835 7ffe004b61ea WSAGetLastError 113833->113835 113836 7ffe004b621e 113833->113836 113834->113823 113871 7ffe004f5b30 83 API calls _get_daylight 113835->113871 113873 7ffe004ba3e0 113836->113873 113839->113832 113841 7ffe004b6207 113872 7ffe004c0920 86 API calls _log10_special 113841->113872 113842 7ffe004b623c 113842->113851 113884 7ffe0051d1b0 11 API calls _get_daylight 113842->113884 113845 7ffe004b624d 113885 7ffe0051d1b0 11 API calls _get_daylight 113845->113885 113847 7ffe004b6254 113886 7ffe004f5b30 83 API calls _get_daylight 113847->113886 113849 7ffe004b626c 113887 7ffe004c0920 86 API calls _log10_special 113849->113887 113852 7ffe004b79a0 113851->113852 113853 7ffe004b79e1 getsockname 113852->113853 113863 7ffe004b7a6a 113852->113863 113854 7ffe004b7a38 WSAGetLastError 113853->113854 113855 7ffe004b7a71 113853->113855 113888 7ffe004f5b30 83 API calls _get_daylight 113854->113888 113858 7ffe004ba3e0 79 API calls 113855->113858 113857 7ffe00511550 _log10_special 8 API calls 113860 7ffe004b7af3 113857->113860 113861 7ffe004b7a8d 113858->113861 113859 7ffe004b7a55 113889 7ffe004c0920 86 API calls _log10_special 113859->113889 113860->113839 113861->113863 113890 7ffe0051d1b0 11 API calls _get_daylight 113861->113890 113863->113857 113865 7ffe004b7a9e 113891 7ffe0051d1b0 11 API calls _get_daylight 113865->113891 113867 7ffe004b7aa5 113892 7ffe004f5b30 83 API calls _get_daylight 113867->113892 113869 7ffe004b7abd 113893 7ffe004c0920 86 API calls _log10_special 113869->113893 113871->113841 113872->113851 113874 7ffe004ba471 113873->113874 113876 7ffe004ba404 113873->113876 113875 7ffe004ba48e 113874->113875 113877 7ffe004df210 78 API calls 113874->113877 113875->113842 113878 7ffe004ba44b 113876->113878 113894 7ffe004daae0 78 API calls 2 library calls 113876->113894 113877->113875 113895 7ffe0051d1b0 11 API calls _get_daylight 113878->113895 113881 7ffe004ba41f 113881->113878 113883 7ffe004ba424 htons 113881->113883 113882 7ffe004ba459 113882->113842 113883->113842 113884->113845 113885->113847 113886->113849 113887->113851 113888->113859 113889->113863 113890->113865 113891->113867 113892->113869 113893->113863 113894->113881 113895->113882 113897 7ffe004b59b2 113896->113897 113912 7ffe004b5a15 113896->113912 113899 7ffe004b5a56 113897->113899 113900 7ffe004b59d3 113897->113900 113897->113912 113898 7ffe004c0ab0 86 API calls 113901 7ffe004b5ad0 113898->113901 113904 7ffe004c0ab0 86 API calls 113899->113904 113902 7ffe004b59e8 113900->113902 113903 7ffe004b5a2b 113900->113903 113914 7ffe005273d0 113901->113914 113905 7ffe004c0ab0 86 API calls 113902->113905 113906 7ffe004c0ab0 86 API calls 113903->113906 113907 7ffe004b5a65 113904->113907 113908 7ffe004b59f4 113905->113908 113906->113912 113909 7ffe004b7b10 closesocket 113907->113909 113920 7ffe004b7b10 113908->113920 113909->113912 113912->113898 113915 7ffe005273d5 RtlFreeHeap 113914->113915 113916 7ffe004b5ae5 113914->113916 113915->113916 113917 7ffe005273f0 GetLastError 113915->113917 113916->113828 113918 7ffe005273fd __free_lconv_num 113917->113918 113924 7ffe0051d1b0 11 API calls _get_daylight 113918->113924 113921 7ffe004b7b2d 113920->113921 113922 7ffe004b7b7b closesocket 113920->113922 113921->113922 113923 7ffe004b7b39 113921->113923 113922->113912 113923->113912 113924->113916 113925 7ffe004ce5d0 113930 7ffe004ce620 113925->113930 113926 7ffe004ce67a 113967 7ffe004cec20 113926->113967 113929 7ffe004ce663 113997 7ffe004c0920 86 API calls _log10_special 113929->113997 113930->113926 113930->113929 113932 7ffe004c0a10 86 API calls 113934 7ffe004ce6cd 113932->113934 113933 7ffe00511550 _log10_special 8 API calls 113936 7ffe004cead7 113933->113936 113962 7ffe004ce672 113934->113962 113979 7ffe004db050 113934->113979 113937 7ffe004ce75f 113940 7ffe004db050 19 API calls 113937->113940 113966 7ffe004ce9ca 113937->113966 113938 7ffe004ce74a 113938->113937 113998 7ffe004be260 htons memcpy_s 113938->113998 113941 7ffe004ce77e 113940->113941 113942 7ffe004ce793 113941->113942 113999 7ffe004be260 htons memcpy_s 113941->113999 113950 7ffe004ce7c0 113942->113950 113942->113966 114000 7ffe004cdf80 113942->114000 113946 7ffe004ce8b2 htons 113948 7ffe004db050 19 API calls 113946->113948 113951 7ffe004ce8f4 113948->113951 113949 7ffe004ce832 113952 7ffe004ce855 113949->113952 113953 7ffe004ce841 113949->113953 113950->113946 113950->113949 113950->113962 113954 7ffe004ce886 113951->113954 113963 7ffe004ce919 113951->113963 113988 7ffe004cee70 113952->113988 114005 7ffe004c11f0 208 API calls 113953->114005 113958 7ffe004cea9d 113954->113958 113959 7ffe004ce8a8 113954->113959 113954->113962 113957 7ffe004ce853 113957->113954 113957->113962 113957->113966 114008 7ffe004b25b0 99 API calls 113958->114008 114006 7ffe004c1370 207 API calls 2 library calls 113959->114006 113962->113933 113964 7ffe004ce998 htons 113963->113964 113963->113966 113965 7ffe004db050 19 API calls 113964->113965 113965->113966 114007 7ffe004cda50 88 API calls _log10_special 113966->114007 113968 7ffe004cec60 113967->113968 113969 7ffe004df210 78 API calls 113968->113969 113972 7ffe004cecbb 113969->113972 113971 7ffe00511550 _log10_special 8 API calls 113973 7ffe004ce6b2 113971->113973 113974 7ffe004df210 78 API calls 113972->113974 113977 7ffe004ced0c 113972->113977 113978 7ffe004ced7f 113972->113978 113973->113932 113973->113934 113974->113977 113975 7ffe004ced46 113976 7ffe004c0a10 86 API calls 113975->113976 113975->113978 113976->113978 113977->113975 113977->113978 114009 7ffe0051d068 GetSystemTimeAsFileTime 113977->114009 113978->113971 113980 7ffe004db05c 113979->113980 113985 7ffe004db085 113979->113985 113981 7ffe004db061 113980->113981 113987 7ffe004db076 113980->113987 114010 7ffe0051d1b0 11 API calls _get_daylight 113981->114010 113983 7ffe004db066 113983->113938 113984 7ffe00511550 _log10_special 8 API calls 113986 7ffe004db356 113984->113986 113985->113938 113986->113938 113987->113984 113989 7ffe004cee7d 113988->113989 113990 7ffe004cdf80 113988->113990 113989->113957 113991 7ffe004cdf8e 113990->113991 113992 7ffe004cdfd0 socket 113990->113992 113995 7ffe004cdfa5 113991->113995 113996 7ffe004cdf80 2 API calls 113991->113996 113993 7ffe004cdfe6 113992->113993 113994 7ffe004cdfee closesocket 113992->113994 113993->113957 113994->113957 113995->113957 113996->113995 113997->113962 113998->113937 113999->113942 114001 7ffe004cdf8e 114000->114001 114002 7ffe004cdfd0 socket 114000->114002 114001->113950 114003 7ffe004cdfe6 114002->114003 114004 7ffe004cdfee closesocket 114002->114004 114003->113950 114004->113950 114005->113957 114006->113962 114007->113962 114008->113962 114009->113975 114010->113983 114011 7ffe004e430b 114012 7ffe004e431a 114011->114012 114017 7ffe004e4339 114011->114017 114013 7ffe004e432b 114012->114013 114031 7ffe004e5200 114012->114031 114015 7ffe004e3080 161 API calls 114013->114015 114015->114017 114016 7ffe004e4356 114020 7ffe004ba860 10 API calls 114016->114020 114028 7ffe004e34fa 114016->114028 114017->114016 114035 7ffe004e1b10 86 API calls 114017->114035 114019 7ffe004e5200 88 API calls 114019->114028 114024 7ffe004e43fb 114020->114024 114021 7ffe004e9050 153 API calls 114021->114028 114022 7ffe004e3533 114023 7ffe004ba860 10 API calls 114023->114028 114024->114028 114036 7ffe004c0920 86 API calls _log10_special 114024->114036 114027 7ffe004c0920 86 API calls 114027->114028 114028->114019 114028->114021 114028->114022 114028->114023 114028->114027 114029 7ffe004fdc30 93 API calls 114028->114029 114030 7ffe004e3080 161 API calls 114028->114030 114037 7ffe004e1b10 86 API calls 114028->114037 114029->114028 114030->114028 114032 7ffe004e5217 114031->114032 114034 7ffe004e5276 114031->114034 114038 7ffe004e18f0 88 API calls 114032->114038 114034->114013 114035->114016 114036->114028 114037->114028 114038->114034 114039 7ffe0050b230 114040 7ffe0050b25e 114039->114040 114041 7ffe0050b26f 114039->114041 114042 7ffe004c0ab0 86 API calls 114041->114042 114043 7ffe0050b291 114042->114043 114046 7ffe0050b47a 114043->114046 114047 7ffe0050b3fc 114043->114047 114060 7ffe0050b373 114043->114060 114044 7ffe004c0ab0 86 API calls 114045 7ffe0050b527 114044->114045 114050 7ffe0050b47e 114046->114050 114051 7ffe0050b494 114046->114051 114048 7ffe0050b404 114047->114048 114049 7ffe0050b425 114047->114049 114095 7ffe004c0920 86 API calls _log10_special 114048->114095 114055 7ffe0050b413 114049->114055 114096 7ffe004c0920 86 API calls _log10_special 114049->114096 114097 7ffe004c0920 86 API calls _log10_special 114050->114097 114053 7ffe0050b4bf 114051->114053 114056 7ffe0050b4a9 114051->114056 114063 7ffe00508c36 114053->114063 114079 7ffe00508c90 114053->114079 114059 7ffe004faa00 2 API calls 114055->114059 114055->114060 114098 7ffe004c0920 86 API calls _log10_special 114056->114098 114059->114060 114060->114044 114064 7ffe00508cbe 114063->114064 114065 7ffe004ba860 10 API calls 114064->114065 114069 7ffe00508cc6 114064->114069 114075 7ffe00508cfd 114064->114075 114067 7ffe00508ce9 114065->114067 114066 7ffe00508de2 114066->114069 114197 7ffe005099a0 90 API calls _log10_special 114066->114197 114078 7ffe00508da3 114067->114078 114099 7ffe00508e50 114067->114099 114068 7ffe004ba860 10 API calls 114068->114075 114069->114055 114073 7ffe004eb1e0 19 API calls 114073->114075 114075->114066 114075->114068 114075->114069 114075->114073 114076 7ffe00508dad WSAGetLastError 114075->114076 114075->114078 114151 7ffe00509330 114075->114151 114195 7ffe004c0920 86 API calls _log10_special 114076->114195 114078->114069 114196 7ffe004c0920 86 API calls _log10_special 114078->114196 114080 7ffe00508cbe 114079->114080 114081 7ffe004ba860 10 API calls 114080->114081 114091 7ffe00508cfd 114080->114091 114094 7ffe00508cc6 114080->114094 114083 7ffe00508ce9 114081->114083 114082 7ffe00508de2 114082->114094 114252 7ffe005099a0 90 API calls _log10_special 114082->114252 114084 7ffe00508da3 114083->114084 114086 7ffe00508e50 105 API calls 114083->114086 114084->114094 114251 7ffe004c0920 86 API calls _log10_special 114084->114251 114085 7ffe004ba860 10 API calls 114085->114091 114086->114091 114089 7ffe004eb1e0 19 API calls 114089->114091 114090 7ffe00509330 146 API calls 114090->114091 114091->114082 114091->114084 114091->114085 114091->114089 114091->114090 114092 7ffe00508dad WSAGetLastError 114091->114092 114091->114094 114250 7ffe004c0920 86 API calls _log10_special 114092->114250 114094->114055 114095->114055 114096->114055 114097->114060 114098->114060 114100 7ffe00508e93 114099->114100 114198 7ffe00504430 114100->114198 114103 7ffe00508ee1 114105 7ffe00508ee8 GetModuleHandleA GetProcAddress 114103->114105 114106 7ffe00508f2c 114103->114106 114104 7ffe004c0a10 86 API calls 114104->114103 114105->114106 114107 7ffe00508f0a 114105->114107 114109 7ffe00504430 20 API calls 114106->114109 114115 7ffe00508f3f 114106->114115 114108 7ffe00504430 20 API calls 114107->114108 114110 7ffe00508f24 114108->114110 114111 7ffe00508f60 114109->114111 114110->114106 114112 7ffe005092e8 114111->114112 114111->114115 114232 7ffe004c0920 86 API calls _log10_special 114112->114232 114123 7ffe00509004 114115->114123 114215 7ffe00507c50 114115->114215 114116 7ffe00511550 _log10_special 8 API calls 114118 7ffe0050930b 114116->114118 114117 7ffe00508fc4 114119 7ffe00508fe3 114117->114119 114120 7ffe00508ffc 114117->114120 114149 7ffe00508ff2 114117->114149 114118->114075 114223 7ffe004c0920 86 API calls _log10_special 114119->114223 114224 7ffe00525490 76 API calls 2 library calls 114120->114224 114124 7ffe004db050 19 API calls 114123->114124 114123->114149 114125 7ffe0050902a 114124->114125 114126 7ffe0050903d 114125->114126 114128 7ffe004db050 19 API calls 114125->114128 114127 7ffe004c0a10 86 API calls 114126->114127 114129 7ffe00509050 114126->114129 114127->114129 114128->114126 114130 7ffe00509076 114129->114130 114131 7ffe00509107 114129->114131 114137 7ffe0050908f memcpy_s 114129->114137 114225 7ffe004c0920 86 API calls _log10_special 114130->114225 114133 7ffe00509195 114131->114133 114134 7ffe0050917c 114131->114134 114136 7ffe005091f8 114133->114136 114140 7ffe0050926f 114133->114140 114226 7ffe004c0920 86 API calls _log10_special 114134->114226 114227 7ffe004f53f0 83 API calls 2 library calls 114136->114227 114138 7ffe004c0a10 86 API calls 114137->114138 114138->114131 114140->114149 114231 7ffe004c0920 86 API calls _log10_special 114140->114231 114141 7ffe00509217 114142 7ffe00509225 114141->114142 114143 7ffe00509259 114141->114143 114144 7ffe00509243 114142->114144 114145 7ffe0050922d 114142->114145 114230 7ffe004c0920 86 API calls _log10_special 114143->114230 114229 7ffe004c0920 86 API calls _log10_special 114144->114229 114228 7ffe004c0920 86 API calls _log10_special 114145->114228 114149->114116 114152 7ffe0050936e 114151->114152 114153 7ffe005093ee 114152->114153 114162 7ffe0050994b 114152->114162 114194 7ffe0052994c 12 API calls 114152->114194 114154 7ffe00509426 114153->114154 114155 7ffe0050946a 114153->114155 114153->114162 114234 7ffe004c0920 86 API calls _log10_special 114154->114234 114170 7ffe005094bb memcpy_s 114155->114170 114235 7ffe004c0920 86 API calls _log10_special 114155->114235 114157 7ffe00509435 114159 7ffe00511550 _log10_special 8 API calls 114157->114159 114160 7ffe00509459 114159->114160 114160->114075 114163 7ffe005098b7 114163->114162 114245 7ffe004f53f0 83 API calls 2 library calls 114163->114245 114165 7ffe00509935 114249 7ffe004c0920 86 API calls _log10_special 114165->114249 114166 7ffe00509875 114166->114162 114172 7ffe0050989d 114166->114172 114243 7ffe00509d60 136 API calls _log10_special 114166->114243 114167 7ffe005096b0 114167->114162 114167->114166 114177 7ffe00509828 114167->114177 114187 7ffe0050979b memcpy_s 114167->114187 114169 7ffe0050991f 114248 7ffe004c0920 86 API calls _log10_special 114169->114248 114170->114162 114170->114163 114170->114167 114236 7ffe004c0920 86 API calls _log10_special 114170->114236 114172->114162 114244 7ffe0050a140 110 API calls 2 library calls 114172->114244 114173 7ffe00509909 114247 7ffe004c0920 86 API calls _log10_special 114173->114247 114174 7ffe005098dc 114174->114165 114174->114169 114174->114173 114246 7ffe004c0920 86 API calls _log10_special 114174->114246 114240 7ffe004f53f0 83 API calls 2 library calls 114177->114240 114181 7ffe00509815 114183 7ffe0050985e 114181->114183 114184 7ffe00509858 CertFreeCertificateContext 114181->114184 114182 7ffe0050983c 114241 7ffe004c0920 86 API calls _log10_special 114182->114241 114183->114166 114242 7ffe004c0920 86 API calls _log10_special 114183->114242 114184->114183 114187->114181 114188 7ffe00509817 114187->114188 114189 7ffe005097f2 114187->114189 114239 7ffe004c0920 86 API calls _log10_special 114188->114239 114237 7ffe0050c0a0 95 API calls 3 library calls 114189->114237 114192 7ffe00509800 114192->114181 114238 7ffe004c0920 86 API calls _log10_special 114192->114238 114194->114153 114195->114069 114196->114069 114197->114069 114199 7ffe0050446f GetModuleHandleA GetProcAddress 114198->114199 114200 7ffe0050449a memcpy_s 114198->114200 114199->114200 114201 7ffe005044cb 114200->114201 114202 7ffe00504539 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask 114200->114202 114205 7ffe00511550 _log10_special 8 API calls 114201->114205 114203 7ffe00504598 114202->114203 114204 7ffe00504581 VerSetConditionMask 114202->114204 114207 7ffe005045ba VerifyVersionInfoW 114203->114207 114208 7ffe005045af RtlVerifyVersionInfo 114203->114208 114204->114203 114206 7ffe00504661 114205->114206 114206->114103 114206->114104 114212 7ffe005045c6 114207->114212 114208->114212 114209 7ffe005045fc VerSetConditionMask 114210 7ffe00504626 RtlVerifyVersionInfo 114209->114210 114211 7ffe00504631 VerifyVersionInfoW 114209->114211 114210->114201 114211->114201 114212->114201 114212->114209 114213 7ffe00504430 8 API calls 114212->114213 114214 7ffe005045f8 114213->114214 114214->114201 114214->114209 114216 7ffe00507c94 114215->114216 114217 7ffe004c0a10 86 API calls 114216->114217 114218 7ffe00507d55 114217->114218 114233 7ffe004c0920 86 API calls _log10_special 114218->114233 114220 7ffe00508c05 114221 7ffe00511550 _log10_special 8 API calls 114220->114221 114222 7ffe00508c19 114221->114222 114222->114117 114223->114149 114224->114123 114225->114149 114226->114149 114227->114141 114228->114149 114229->114149 114230->114149 114231->114149 114232->114149 114233->114220 114234->114157 114235->114170 114236->114167 114237->114192 114238->114181 114239->114181 114240->114182 114241->114181 114242->114166 114243->114172 114244->114163 114245->114174 114246->114173 114247->114169 114248->114165 114249->114162 114250->114094 114251->114094 114252->114094 114253 7ff73e4ce720 114254 7ff73e4ce7e5 ShellExecuteW 114253->114254 114255 7ff73e4ce751 FindWindowExW 114253->114255 114259 7ff73e4ce823 114254->114259 114255->114254 114258 7ff73e4ce773 MessageBoxW 114255->114258 114258->114259 114263 7ff73e4ce7a4 114258->114263 114261 7ff73e4ce7b0 SendMessageW 114262 7ff73e4ce7d0 FindWindowExW 114261->114262 114261->114263 114262->114254 114262->114261 114263->114261 114263->114262 114264 7ff73e4ca1e0 114265 7ff73e4ca1fb 114264->114265 114266 7ff73e4ca20e CallNextHookEx 114264->114266 114265->114266 114268 7ff73e4ca240 114265->114268 114269 7ff73e4ca309 114268->114269 114270 7ff73e4ca257 LoadImageW LoadImageW 114268->114270 114269->114266 114270->114269 114271 7ff73e4ca2db 114270->114271 114271->114269 114272 7ff73e4ca2e0 SendMessageW SendMessageW 114271->114272 114272->114269 114273 7ffe004b5b00 114274 7ffe004b5b3c 114273->114274 114291 7ffe004b5b41 114273->114291 114275 7ffe004b5c49 114274->114275 114274->114291 114307 7ffe004b73f0 114274->114307 114278 7ffe004eb1e0 19 API calls 114275->114278 114276 7ffe00511550 _log10_special 8 API calls 114279 7ffe004b5d23 114276->114279 114281 7ffe004b5c62 114278->114281 114283 7ffe004b5c68 114281->114283 114284 7ffe004b5c7f 114281->114284 114282 7ffe004b5bb6 114285 7ffe004b5bca WSASetLastError 114282->114285 114286 7ffe004b5c14 114282->114286 114282->114291 114288 7ffe004c0ab0 86 API calls 114283->114288 114287 7ffe004b5cb7 114284->114287 114289 7ffe004b5c91 114284->114289 114370 7ffe004f5b30 83 API calls _get_daylight 114285->114370 114286->114291 114296 7ffe004b7b10 closesocket 114286->114296 114366 7ffe004b7cd0 SleepEx getsockopt 114287->114366 114288->114291 114289->114282 114299 7ffe004b7cd0 3 API calls 114289->114299 114291->114276 114293 7ffe004b5b80 connect 114293->114275 114294 7ffe004b5b9e WSAGetLastError 114293->114294 114369 7ffe004b7ba0 91 API calls _log10_special 114294->114369 114295 7ffe004b5bf2 114300 7ffe004c0a10 86 API calls 114295->114300 114296->114291 114299->114282 114300->114286 114301 7ffe004b5cd2 114302 7ffe004faa00 2 API calls 114301->114302 114303 7ffe004b5cdc 114302->114303 114304 7ffe004b79a0 94 API calls 114303->114304 114305 7ffe004b5cf1 114304->114305 114306 7ffe004c0ab0 86 API calls 114305->114306 114306->114291 114308 7ffe004faa00 2 API calls 114307->114308 114309 7ffe004b7434 114308->114309 114371 7ffe004b7c30 114309->114371 114311 7ffe004b7458 114312 7ffe004ba3e0 79 API calls 114311->114312 114314 7ffe004b74c6 114311->114314 114315 7ffe004b747c 114312->114315 114313 7ffe004b785f closesocket 114333 7ffe004b74f6 114313->114333 114314->114313 114314->114333 114317 7ffe004b751f 114315->114317 114318 7ffe004b7484 114315->114318 114316 7ffe004c0ab0 86 API calls 114319 7ffe004b788c 114316->114319 114322 7ffe004b7529 setsockopt 114317->114322 114323 7ffe004b7553 114317->114323 114375 7ffe0051d1b0 11 API calls _get_daylight 114318->114375 114321 7ffe00511550 _log10_special 8 API calls 114319->114321 114325 7ffe004b5b60 114321->114325 114322->114323 114326 7ffe004c0a10 86 API calls 114323->114326 114324 7ffe004b7489 114376 7ffe0051d1b0 11 API calls _get_daylight 114324->114376 114325->114282 114325->114291 114325->114293 114325->114294 114328 7ffe004b7572 114326->114328 114332 7ffe004b7594 setsockopt 114328->114332 114349 7ffe004b75e8 114328->114349 114329 7ffe004b7496 114377 7ffe0051d1b0 11 API calls _get_daylight 114329->114377 114331 7ffe004b749d 114378 7ffe004f5b30 83 API calls _get_daylight 114331->114378 114335 7ffe004b75bf WSAGetLastError 114332->114335 114332->114349 114333->114316 114380 7ffe004f5b30 83 API calls _get_daylight 114335->114380 114336 7ffe004b74b1 114379 7ffe004c0920 86 API calls _log10_special 114336->114379 114337 7ffe004b764c getsockopt 114342 7ffe004b767d setsockopt 114337->114342 114343 7ffe004b7673 114337->114343 114338 7ffe004b762f 114346 7ffe004b76b4 setsockopt 114338->114346 114353 7ffe004b76f6 114338->114353 114340 7ffe00504430 20 API calls 114345 7ffe004b762b 114340->114345 114342->114338 114343->114338 114343->114342 114344 7ffe004b75d6 114347 7ffe004c0a10 86 API calls 114344->114347 114345->114337 114345->114338 114348 7ffe004b76e4 114346->114348 114355 7ffe004b76fb 114346->114355 114347->114349 114351 7ffe004c0a10 86 API calls 114348->114351 114349->114340 114349->114345 114350 7ffe004b77e7 114381 7ffe004b6dd0 235 API calls 2 library calls 114350->114381 114351->114353 114352 7ffe004b7820 114374 7ffe004e60a0 ioctlsocket 114352->114374 114353->114314 114353->114350 114353->114352 114356 7ffe004b7727 WSAIoctl 114355->114356 114356->114353 114359 7ffe004b776f WSAGetLastError 114356->114359 114358 7ffe004b782d 114358->114333 114363 7ffe004b79a0 94 API calls 114358->114363 114361 7ffe004c0a10 86 API calls 114359->114361 114360 7ffe004b7809 114360->114352 114362 7ffe004b780f 114360->114362 114361->114353 114362->114314 114364 7ffe004b783d 114363->114364 114365 7ffe004faa00 2 API calls 114364->114365 114365->114333 114367 7ffe004b7d21 WSAGetLastError 114366->114367 114368 7ffe004b5cca 114366->114368 114367->114368 114368->114282 114368->114301 114369->114282 114370->114295 114372 7ffe004b7c7a socket 114371->114372 114373 7ffe004b7c52 114371->114373 114372->114373 114373->114311 114374->114358 114375->114324 114376->114329 114377->114331 114378->114336 114379->114314 114380->114344 114381->114360 114382 7ffe004b51c0 114383 7ffe004c0ab0 86 API calls 114382->114383 114384 7ffe004b51e2 114383->114384 114391 7ffe004b5760 114384->114391 114387 7ffe004b520f 114389 7ffe004b8080 87 API calls 114389->114387 114392 7ffe004b51ed 114391->114392 114393 7ffe004b577a 114391->114393 114392->114387 114397 7ffe004b9e70 114392->114397 114394 7ffe004b8080 87 API calls 114393->114394 114395 7ffe004b57a0 114393->114395 114394->114395 114395->114392 114396 7ffe004b8080 87 API calls 114395->114396 114396->114392 114398 7ffe004c0ab0 86 API calls 114397->114398 114399 7ffe004b9e9b 114398->114399 114400 7ffe004b5203 114399->114400 114404 7ffe0050b1e0 114399->114404 114400->114389 114402 7ffe004b8080 87 API calls 114402->114400 114409 7ffe0050d3c0 114404->114409 114406 7ffe0050b206 114407 7ffe004b9eb7 114406->114407 114414 7ffe004ba120 114406->114414 114407->114402 114410 7ffe0050d422 114409->114410 114411 7ffe0050d3d6 114409->114411 114410->114406 114423 7ffe00507800 114411->114423 114415 7ffe004c0ab0 86 API calls 114414->114415 114416 7ffe004ba14b 114415->114416 114441 7ffe004bab40 114416->114441 114419 7ffe004ba17f 114419->114407 114420 7ffe004ba173 114421 7ffe004b8080 87 API calls 114420->114421 114421->114419 114424 7ffe00507843 114423->114424 114427 7ffe0050785a 114423->114427 114425 7ffe004c0a10 86 API calls 114424->114425 114425->114427 114426 7ffe00507a49 114430 7ffe00511550 _log10_special 8 API calls 114426->114430 114431 7ffe005079b6 __vcrt_freefls 114427->114431 114435 7ffe005078dd 114427->114435 114439 7ffe004f53f0 83 API calls 2 library calls 114427->114439 114428 7ffe00507a26 114428->114426 114438 7ffe005273d0 11 API calls 114428->114438 114433 7ffe00507a85 114430->114433 114431->114428 114436 7ffe00507a1a CertCloseStore 114431->114436 114432 7ffe005078cb 114440 7ffe004c0920 86 API calls _log10_special 114432->114440 114433->114406 114435->114431 114437 7ffe004c0a10 86 API calls 114435->114437 114436->114428 114437->114431 114438->114426 114439->114432 114440->114435 114442 7ffe004bab64 114441->114442 114444 7ffe004bab74 114441->114444 114442->114444 114445 7ffe004b8080 87 API calls 114442->114445 114443 7ffe004bab9e 114446 7ffe004ba156 114443->114446 114448 7ffe004b8080 87 API calls 114443->114448 114444->114443 114447 7ffe004b8080 87 API calls 114444->114447 114445->114444 114446->114419 114449 7ffe004b5830 114446->114449 114447->114443 114448->114446 114450 7ffe004b5977 114449->114450 114451 7ffe004b5852 114449->114451 114450->114420 114451->114450 114452 7ffe004b58f8 114451->114452 114453 7ffe004b5878 114451->114453 114456 7ffe004c0ab0 86 API calls 114452->114456 114454 7ffe004b588f 114453->114454 114455 7ffe004b58d2 114453->114455 114457 7ffe004c0ab0 86 API calls 114454->114457 114458 7ffe004c0ab0 86 API calls 114455->114458 114459 7ffe004b5907 114456->114459 114460 7ffe004b589b 114457->114460 114463 7ffe004b58bc 114458->114463 114461 7ffe004b7b10 closesocket 114459->114461 114462 7ffe004b7b10 closesocket 114460->114462 114461->114463 114462->114463 114463->114420 114464 7ffe004b9640 114467 7ffe004c3510 AcquireSRWLockExclusive 114464->114467 114466 7ffe004b9654 114468 7ffe004c352a 114467->114468 114469 7ffe004c354e ReleaseSRWLockExclusive 114467->114469 114475 7ffe004c3de0 114468->114475 114479 7ffe004fe240 114469->114479 114472 7ffe004c3536 114472->114469 114474 7ffe004c353a ReleaseSRWLockExclusive 114472->114474 114473 7ffe004c3565 114473->114466 114474->114466 114476 7ffe004c3dfe 114475->114476 114478 7ffe004c3e61 114475->114478 114476->114478 114485 7ffe004f6cb0 114476->114485 114478->114472 114540 7ffe00528778 114479->114540 114480 7ffe004fe265 114480->114473 114481 7ffe004fe25d 114481->114480 114547 7ffe0050c700 GetEnvironmentVariableA 114481->114547 114483 7ffe004fe46a 114483->114473 114486 7ffe004f6d16 114485->114486 114487 7ffe004f6cce WSAStartup 114485->114487 114517 7ffe004c0700 114486->114517 114488 7ffe004f6cf9 114487->114488 114489 7ffe004f6ce2 114487->114489 114492 7ffe00511550 _log10_special 8 API calls 114488->114492 114489->114486 114491 7ffe004f6cf3 WSACleanup 114489->114491 114491->114488 114494 7ffe004f6d0e 114492->114494 114493 7ffe004f6d1b 114495 7ffe004f6f15 114493->114495 114496 7ffe004f6d23 GetModuleHandleA 114493->114496 114494->114478 114497 7ffe00511550 _log10_special 8 API calls 114495->114497 114498 7ffe004f6d4a 114496->114498 114499 7ffe004f6d56 GetProcAddress 114496->114499 114501 7ffe004f6f25 114497->114501 114502 7ffe00504430 20 API calls 114498->114502 114500 7ffe004f6d8f 114499->114500 114503 7ffe004f6dba 114500->114503 114504 7ffe004f6d94 114500->114504 114501->114478 114505 7ffe004f6eed QueryPerformanceFrequency 114502->114505 114507 7ffe004f6de9 GetSystemDirectoryA 114503->114507 114508 7ffe004f6dbf GetProcAddress 114503->114508 114506 7ffe004f6dac LoadLibraryA 114504->114506 114511 7ffe004f6d9c 114504->114511 114505->114495 114506->114511 114510 7ffe004f6e06 114507->114510 114507->114511 114508->114507 114509 7ffe004f6dd4 LoadLibraryExA 114508->114509 114509->114511 114510->114511 114514 7ffe004f6e1b GetSystemDirectoryA 114510->114514 114511->114498 114512 7ffe004f6eb6 GetProcAddress 114511->114512 114512->114498 114513 7ffe004f6ecb 114512->114513 114513->114498 114514->114511 114515 7ffe004f6e2b 114514->114515 114515->114511 114516 7ffe004f6e80 LoadLibraryA 114515->114516 114516->114511 114518 7ffe004c0793 114517->114518 114519 7ffe004c0712 114517->114519 114518->114493 114520 7ffe00504430 20 API calls 114519->114520 114521 7ffe004c0730 114520->114521 114526 7ffe004f6ac0 GetModuleHandleA 114521->114526 114523 7ffe004c0749 114524 7ffe004c0755 GetProcAddressForCaller 114523->114524 114525 7ffe004c076a 114523->114525 114524->114525 114525->114493 114527 7ffe004f6aea GetProcAddress 114526->114527 114528 7ffe004f6ae2 114526->114528 114531 7ffe004f6b11 114527->114531 114528->114523 114529 7ffe004f6b49 114532 7ffe004f6b80 GetSystemDirectoryA 114529->114532 114533 7ffe004f6b4e GetProcAddress 114529->114533 114530 7ffe004f6b36 LoadLibraryA 114530->114529 114531->114529 114531->114530 114535 7ffe004f6b9a 114532->114535 114538 7ffe004f6c26 114532->114538 114533->114532 114534 7ffe004f6b63 114533->114534 114534->114532 114536 7ffe004f6bcd GetSystemDirectoryA 114535->114536 114535->114538 114537 7ffe004f6bdd 114536->114537 114536->114538 114537->114538 114539 7ffe004f6c31 LoadLibraryA 114537->114539 114538->114523 114539->114538 114546 7ffe00528789 wcsftime 114540->114546 114541 7ffe005287da 114549 7ffe0051d1b0 11 API calls _get_daylight 114541->114549 114542 7ffe005287be HeapAlloc 114544 7ffe005287d8 114542->114544 114542->114546 114544->114481 114546->114541 114546->114542 114548 7ffe0052f7f8 EnterCriticalSection LeaveCriticalSection wcsftime 114546->114548 114547->114483 114548->114546 114549->114544 114550 7ffe004c3700 114551 7ffe004c3719 114550->114551 114552 7ffe004c370f 114550->114552 114553 7ffe004c3732 114551->114553 114555 7ffe004c374a 114551->114555 114592 7ffe004c0920 86 API calls _log10_special 114553->114592 114558 7ffe004c376a 114555->114558 114593 7ffe004e1d20 56 API calls 114555->114593 114556 7ffe004c373e 114559 7ffe004c3772 114558->114559 114571 7ffe004e21d0 114558->114571 114561 7ffe004c37c6 114562 7ffe004c37cc 114561->114562 114569 7ffe004c3800 114561->114569 114594 7ffe004e2460 205 API calls 114562->114594 114564 7ffe004c37d4 114565 7ffe004c3855 114595 7ffe004e2ac0 161 API calls 114565->114595 114568 7ffe004c3875 114569->114565 114577 7ffe004e2a90 114569->114577 114580 7ffe004e2970 114569->114580 114572 7ffe004e21e9 114571->114572 114576 7ffe004e2214 114571->114576 114572->114576 114596 7ffe004e18f0 88 API calls 114572->114596 114574 7ffe004e2295 114597 7ffe004e1f90 10 API calls 114574->114597 114576->114561 114598 7ffe004e49f0 114577->114598 114579 7ffe004e2aad 114579->114569 114581 7ffe004faa00 2 API calls 114580->114581 114584 7ffe004e299a 114581->114584 114582 7ffe00511550 _log10_special 8 API calls 114583 7ffe004e2a86 114582->114583 114583->114569 114588 7ffe004e29fe 114584->114588 114590 7ffe004e29c0 114584->114590 114643 7ffe004e3430 114584->114643 114587 7ffe004e2a5c 114587->114590 114660 7ffe004e1f90 10 API calls 114587->114660 114588->114587 114658 7ffe004f4e10 8 API calls 114588->114658 114659 7ffe004e2080 8 API calls 114588->114659 114590->114582 114592->114556 114593->114558 114594->114564 114595->114568 114596->114574 114597->114576 114599 7ffe004e51c8 114598->114599 114604 7ffe004e4a67 114598->114604 114600 7ffe004e4a7c 114601 7ffe00511550 _log10_special 8 API calls 114600->114601 114602 7ffe004e4b63 114601->114602 114602->114579 114604->114599 114604->114600 114633 7ffe004e4900 114604->114633 114605 7ffe004e4b0c 114605->114600 114619 7ffe004e4b76 114605->114619 114606 7ffe004e4cff getsockopt 114613 7ffe004e4cc0 114606->114613 114607 7ffe004e4d51 WSAEventSelect 114607->114613 114623 7ffe004e4dd4 114607->114623 114608 7ffe004eae00 17 API calls 114611 7ffe004e4e14 114608->114611 114609 7ffe004e4d3c send 114609->114613 114610 7ffe004e4e5b WSAWaitForMultipleEvents 114621 7ffe004e4e52 114610->114621 114611->114610 114611->114621 114624 7ffe004e5149 114611->114624 114612 7ffe004e51c1 114612->114579 114613->114606 114613->114607 114613->114609 114613->114623 114614 7ffe004e4c77 WSAEventSelect 114614->114619 114614->114623 114615 7ffe004e4c1f getsockopt 114615->114619 114616 7ffe004e4e90 WSAEnumNetworkEvents 114620 7ffe004e4f1c WSAEventSelect 114616->114620 114616->114621 114617 7ffe004e5131 WSAResetEvent 114617->114624 114618 7ffe004e5127 114618->114617 114619->114613 114619->114614 114619->114615 114622 7ffe004e4c5c send 114619->114622 114620->114621 114621->114616 114621->114620 114625 7ffe004e4f03 WSAEventSelect 114621->114625 114629 7ffe004e4f8e 114621->114629 114622->114619 114623->114608 114623->114611 114624->114612 114626 7ffe004e4900 10 API calls 114624->114626 114625->114621 114627 7ffe004e519f 114626->114627 114627->114612 114631 7ffe004e51b3 114627->114631 114628 7ffe004e50ae WSAEnumNetworkEvents 114628->114629 114630 7ffe004e50de WSAEventSelect 114628->114630 114629->114617 114629->114618 114629->114628 114629->114630 114630->114629 114641 7ffe004eb340 WSASetLastError Sleep 114631->114641 114634 7ffe004e492c 114633->114634 114635 7ffe004e4919 114633->114635 114636 7ffe004e49d8 114634->114636 114637 7ffe004faa00 2 API calls 114634->114637 114635->114605 114636->114605 114638 7ffe004e4949 114637->114638 114642 7ffe004f4d00 8 API calls _log10_special 114638->114642 114640 7ffe004e4969 114640->114605 114641->114612 114642->114640 114644 7ffe004e46a6 114643->114644 114645 7ffe004e346e 114643->114645 114644->114584 114645->114644 114646 7ffe004e3080 161 API calls 114645->114646 114650 7ffe004e34fa 114645->114650 114648 7ffe004e34ac 114646->114648 114647 7ffe004ba860 10 API calls 114647->114650 114648->114650 114661 7ffe004e1b10 86 API calls 114648->114661 114650->114647 114651 7ffe004c0920 86 API calls 114650->114651 114652 7ffe004e3080 161 API calls 114650->114652 114653 7ffe004e5200 88 API calls 114650->114653 114654 7ffe004e3533 114650->114654 114655 7ffe004e9050 153 API calls 114650->114655 114657 7ffe004fdc30 93 API calls 114650->114657 114662 7ffe004e1b10 86 API calls 114650->114662 114651->114650 114652->114650 114653->114650 114654->114584 114655->114650 114657->114650 114658->114588 114659->114588 114660->114590 114661->114650 114662->114650 114663 7ffe004b9ac0 114664 7ffe004b9ae7 114663->114664 114667 7ffe004b9af9 114663->114667 114665 7ffe004b9b83 114666 7ffe004c0ab0 86 API calls 114665->114666 114668 7ffe004b9b98 114666->114668 114667->114665 114667->114668 114669 7ffe004b9e58 114667->114669 114671 7ffe004c0920 86 API calls _log10_special 114669->114671 114671->114668 114672 7ffe004e4076 114673 7ffe004e408f 114672->114673 114676 7ffe004e42be 114673->114676 114708 7ffe004fb9c0 114673->114708 114749 7ffe004e18f0 88 API calls 114676->114749 114679 7ffe004e4161 114679->114676 114681 7ffe004e4146 114679->114681 114680 7ffe004e41e1 114682 7ffe004e42a1 114680->114682 114687 7ffe004e41e9 114680->114687 114681->114680 114684 7ffe004e3f5d 114681->114684 114685 7ffe004e4176 114681->114685 114702 7ffe004e39a5 114682->114702 114748 7ffe004e18f0 88 API calls 114682->114748 114686 7ffe004e3080 161 API calls 114684->114686 114690 7ffe004e3080 161 API calls 114685->114690 114686->114702 114687->114685 114691 7ffe004e41ff 114687->114691 114688 7ffe004ba860 10 API calls 114697 7ffe004e43fb 114688->114697 114689 7ffe004e9050 153 API calls 114703 7ffe004e34fa 114689->114703 114693 7ffe004e4194 114690->114693 114691->114702 114747 7ffe004fb000 89 API calls 114691->114747 114692 7ffe004e5200 88 API calls 114692->114703 114746 7ffe004fb000 89 API calls 114693->114746 114695 7ffe004ba860 10 API calls 114695->114703 114696 7ffe004e3533 114697->114703 114750 7ffe004c0920 86 API calls _log10_special 114697->114750 114700 7ffe004e4230 114700->114702 114707 7ffe004e3080 161 API calls 114700->114707 114702->114688 114702->114703 114703->114689 114703->114692 114703->114695 114703->114696 114704 7ffe004fdc30 93 API calls 114703->114704 114705 7ffe004e3080 161 API calls 114703->114705 114706 7ffe004c0920 86 API calls 114703->114706 114751 7ffe004e1b10 86 API calls 114703->114751 114704->114703 114705->114703 114706->114703 114707->114702 114709 7ffe004fba08 114708->114709 114710 7ffe004fba37 114708->114710 114711 7ffe004fba96 114709->114711 114712 7ffe004fbaae 114709->114712 114740 7ffe004fba24 114709->114740 114710->114709 114718 7ffe004eb1e0 19 API calls 114710->114718 114775 7ffe004c0920 86 API calls _log10_special 114711->114775 114716 7ffe004fbad6 114712->114716 114752 7ffe004fc080 114712->114752 114713 7ffe00511550 _log10_special 8 API calls 114715 7ffe004e4135 114713->114715 114715->114681 114745 7ffe004fbce0 86 API calls 114715->114745 114717 7ffe004fbb03 114716->114717 114716->114740 114776 7ffe004fc730 90 API calls memcpy_s 114716->114776 114720 7ffe004faa00 2 API calls 114717->114720 114717->114740 114718->114709 114727 7ffe004fbb16 114720->114727 114722 7ffe004fbb75 114723 7ffe004e9050 153 API calls 114722->114723 114722->114740 114724 7ffe004fbb8f 114723->114724 114724->114740 114777 7ffe004f4c10 88 API calls 114724->114777 114726 7ffe004fbbac 114728 7ffe004fbbbb 114726->114728 114731 7ffe004fbc38 114726->114731 114726->114740 114727->114722 114729 7ffe004c0a10 86 API calls 114727->114729 114732 7ffe004ba860 10 API calls 114728->114732 114729->114722 114730 7ffe004fbc9c 114733 7ffe004e9050 153 API calls 114730->114733 114731->114730 114734 7ffe004fbc76 114731->114734 114735 7ffe004fbc5d 114731->114735 114738 7ffe004fbbca 114732->114738 114733->114740 114734->114730 114736 7ffe004fbc86 114734->114736 114780 7ffe004c0920 86 API calls _log10_special 114735->114780 114781 7ffe004c0920 86 API calls _log10_special 114736->114781 114738->114740 114741 7ffe004fbc07 114738->114741 114742 7ffe004fbc22 114738->114742 114740->114713 114778 7ffe004c0920 86 API calls _log10_special 114741->114778 114779 7ffe004c0920 86 API calls _log10_special 114742->114779 114745->114679 114746->114702 114747->114700 114748->114702 114749->114702 114750->114703 114751->114703 114774 7ffe004fc100 114752->114774 114755 7ffe004faa00 2 API calls 114755->114774 114756 7ffe004c0a10 86 API calls 114758 7ffe004fc62a 114756->114758 114758->114716 114759 7ffe004fc5e7 114759->114756 114759->114758 114760 7ffe004fc5ee 114760->114759 114764 7ffe004c0a10 86 API calls 114760->114764 114761 7ffe004c0840 81 API calls 114761->114774 114764->114759 114765 7ffe004fc616 114767 7ffe004fc61b 114765->114767 114768 7ffe004fc632 114765->114768 114795 7ffe004c0920 86 API calls _log10_special 114767->114795 114796 7ffe004c0920 86 API calls _log10_special 114768->114796 114770 7ffe004c0a10 86 API calls 114770->114774 114773 7ffe004eba20 170 API calls 114773->114774 114774->114755 114774->114758 114774->114759 114774->114760 114774->114761 114774->114765 114774->114770 114774->114773 114782 7ffe004ebad0 114774->114782 114785 7ffe004e8bd0 114774->114785 114790 7ffe004e8d90 QueryPerformanceCounter GetTickCount 114774->114790 114791 7ffe004d36f0 177 API calls 114774->114791 114792 7ffe004d2530 86 API calls 114774->114792 114793 7ffe004d69d0 170 API calls 114774->114793 114794 7ffe004e7c70 170 API calls 114774->114794 114775->114740 114776->114717 114777->114726 114778->114740 114779->114740 114780->114740 114781->114740 114797 7ffe0050b600 114782->114797 114786 7ffe004e8bfb 114785->114786 114787 7ffe004e8be0 114785->114787 114786->114774 114787->114786 114852 7ffe004c0920 86 API calls _log10_special 114787->114852 114789 7ffe004e8bf1 114789->114774 114790->114774 114791->114774 114792->114774 114793->114774 114794->114774 114795->114758 114796->114758 114802 7ffe005071e0 114797->114802 114799 7ffe004c0ab0 86 API calls 114800 7ffe004ebb26 114799->114800 114800->114774 114803 7ffe00507240 114802->114803 114806 7ffe0050725a 114802->114806 114804 7ffe00507246 114803->114804 114803->114806 114805 7ffe004c0a10 86 API calls 114804->114805 114808 7ffe00507255 114805->114808 114813 7ffe005072ee 114806->114813 114824 7ffe00507261 114806->114824 114833 7ffe00507341 memcpy_s 114806->114833 114835 7ffe0052ae04 114806->114835 114807 7ffe004c0a10 86 API calls 114807->114808 114811 7ffe00504430 20 API calls 114808->114811 114815 7ffe005075e3 memcpy_s 114808->114815 114810 7ffe005072d2 114847 7ffe004c0920 86 API calls _log10_special 114810->114847 114814 7ffe005075d3 114811->114814 114818 7ffe00507335 114813->114818 114819 7ffe00507343 114813->114819 114813->114833 114814->114815 114816 7ffe004c0a10 86 API calls 114814->114816 114817 7ffe00511550 _log10_special 8 API calls 114815->114817 114816->114815 114821 7ffe0050771d 114817->114821 114822 7ffe004c0a10 86 API calls 114818->114822 114820 7ffe004c0a10 86 API calls 114819->114820 114820->114833 114821->114799 114822->114833 114823 7ffe005075ec 114823->114824 114825 7ffe00507613 114823->114825 114824->114807 114824->114808 114848 7ffe004f53f0 83 API calls 2 library calls 114825->114848 114827 7ffe0050762c 114829 7ffe004c0a10 86 API calls 114827->114829 114828 7ffe00507643 114849 7ffe004c0920 86 API calls _log10_special 114828->114849 114829->114808 114831 7ffe004c0a10 86 API calls 114831->114833 114832 7ffe00508c90 166 API calls 114832->114833 114833->114808 114833->114823 114833->114824 114833->114828 114833->114831 114833->114832 114836 7ffe0052ae23 114835->114836 114837 7ffe0052ae19 114835->114837 114839 7ffe0052ae28 114836->114839 114845 7ffe0052ae2f wcsftime 114836->114845 114838 7ffe0052994c wcsftime 12 API calls 114837->114838 114843 7ffe005072cd 114838->114843 114840 7ffe005273d0 __free_lconv_num 11 API calls 114839->114840 114840->114843 114841 7ffe0052ae35 114850 7ffe0051d1b0 11 API calls _get_daylight 114841->114850 114842 7ffe0052ae62 RtlReAllocateHeap 114842->114843 114842->114845 114843->114810 114843->114813 114845->114841 114845->114842 114851 7ffe0052f7f8 EnterCriticalSection LeaveCriticalSection wcsftime 114845->114851 114847->114808 114848->114827 114849->114808 114850->114843 114851->114845 114852->114789 114853 7ffe0051f884 114854 7ffe0051f8a1 114853->114854 114855 7ffe0051f892 GetLastError ExitThread 114853->114855 114866 7ffe00527d58 GetLastError 114854->114866 114860 7ffe0051f8bf 114892 7ffe004b2950 114860->114892 114867 7ffe00527d99 FlsSetValue 114866->114867 114868 7ffe00527d7c FlsGetValue 114866->114868 114870 7ffe00527d89 114867->114870 114871 7ffe00527dab 114867->114871 114869 7ffe00527d93 114868->114869 114868->114870 114869->114867 114873 7ffe00527e05 SetLastError 114870->114873 114872 7ffe00528778 _get_daylight 11 API calls 114871->114872 114874 7ffe00527dba 114872->114874 114875 7ffe0051f8a6 114873->114875 114876 7ffe00527e25 114873->114876 114877 7ffe00527dd8 FlsSetValue 114874->114877 114878 7ffe00527dc8 FlsSetValue 114874->114878 114888 7ffe0052ab54 114875->114888 114915 7ffe0052734c 76 API calls 2 library calls 114876->114915 114882 7ffe00527de4 FlsSetValue 114877->114882 114883 7ffe00527df6 114877->114883 114881 7ffe00527dd1 114878->114881 114884 7ffe005273d0 __free_lconv_num 11 API calls 114881->114884 114882->114881 114914 7ffe00527ac4 11 API calls _get_daylight 114883->114914 114884->114870 114886 7ffe00527dfe 114887 7ffe005273d0 __free_lconv_num 11 API calls 114886->114887 114887->114873 114889 7ffe0051f8b2 114888->114889 114890 7ffe0052ab63 114888->114890 114889->114860 114913 7ffe00529708 5 API calls __crtLCMapStringW 114889->114913 114890->114889 114916 7ffe00529230 114890->114916 114893 7ffe004df210 78 API calls 114892->114893 114894 7ffe004b298f 114893->114894 114929 7ffe004be0b0 getaddrinfo 114894->114929 114897 7ffe004b29ab WSAGetLastError 114899 7ffe004b29c2 114897->114899 114900 7ffe004b29b5 WSAGetLastError 114897->114900 114898 7ffe004b29ce EnterCriticalSection 114901 7ffe004b29f9 114898->114901 114902 7ffe004b29dd LeaveCriticalSection 114898->114902 114899->114898 114900->114898 114900->114899 114903 7ffe004b2a27 LeaveCriticalSection 114901->114903 114904 7ffe004b2a03 send 114901->114904 114935 7ffe004b28d0 DeleteCriticalSection closesocket 114902->114935 114907 7ffe004b29ee 114903->114907 114904->114903 114906 7ffe004b2a1e WSAGetLastError 114904->114906 114906->114903 114908 7ffe00511550 _log10_special 8 API calls 114907->114908 114909 7ffe004b2a46 114908->114909 114910 7ffe0051fa98 114909->114910 114936 7ffe0051f8f4 114910->114936 114913->114860 114914->114886 114919 7ffe0052901c 114916->114919 114920 7ffe00529079 114919->114920 114922 7ffe00529074 __vcrt_InitializeCriticalSectionEx 114919->114922 114920->114889 114921 7ffe005290a9 LoadLibraryExW 114924 7ffe0052917e 114921->114924 114925 7ffe005290ce GetLastError 114921->114925 114922->114920 114922->114921 114923 7ffe0052919e GetProcAddress 114922->114923 114928 7ffe00529108 LoadLibraryExW 114922->114928 114923->114920 114927 7ffe005291af 114923->114927 114924->114923 114926 7ffe00529195 FreeLibrary 114924->114926 114925->114922 114926->114923 114927->114920 114928->114922 114928->114924 114930 7ffe004b29a5 114929->114930 114932 7ffe004be0dd memcpy_s 114929->114932 114930->114897 114930->114898 114931 7ffe004be22e WSASetLastError 114931->114930 114932->114931 114933 7ffe004be1fa freeaddrinfo 114932->114933 114934 7ffe004be200 114932->114934 114933->114934 114934->114930 114934->114931 114935->114907 114945 7ffe00527ed0 GetLastError 114936->114945 114938 7ffe0051f905 114939 7ffe0051f94c ExitThread 114938->114939 114940 7ffe0051f921 114938->114940 114962 7ffe00529754 5 API calls __crtLCMapStringW 114938->114962 114942 7ffe0051f92f CloseHandle 114940->114942 114943 7ffe0051f935 114940->114943 114942->114943 114943->114939 114944 7ffe0051f943 FreeLibraryAndExitThread 114943->114944 114944->114939 114946 7ffe00527f11 FlsSetValue 114945->114946 114947 7ffe00527ef4 114945->114947 114948 7ffe00527f23 114946->114948 114959 7ffe00527f01 114946->114959 114947->114946 114947->114959 114949 7ffe00528778 _get_daylight 5 API calls 114948->114949 114951 7ffe00527f32 114949->114951 114950 7ffe00527f7d SetLastError 114950->114938 114952 7ffe00527f50 FlsSetValue 114951->114952 114953 7ffe00527f40 FlsSetValue 114951->114953 114955 7ffe00527f6e 114952->114955 114956 7ffe00527f5c FlsSetValue 114952->114956 114954 7ffe00527f49 114953->114954 114957 7ffe005273d0 __free_lconv_num 5 API calls 114954->114957 114963 7ffe00527ac4 11 API calls _get_daylight 114955->114963 114956->114954 114957->114959 114959->114950 114960 7ffe00527f76 114961 7ffe005273d0 __free_lconv_num 5 API calls 114960->114961 114961->114950 114962->114940 114963->114960 114964 7ffe00507d76 114965 7ffe00507d7e 114964->114965 114966 7ffe00504430 20 API calls 114965->114966 114973 7ffe00507da9 114965->114973 114966->114973 114967 7ffe00507e12 114968 7ffe00508194 114967->114968 114974 7ffe00507e5a 114967->114974 115051 7ffe00525490 76 API calls 2 library calls 114967->115051 114971 7ffe005081c0 114968->114971 114972 7ffe0050849d 114968->114972 114970 7ffe00508076 114977 7ffe0050808d CertOpenStore 114970->114977 114991 7ffe005081f9 __vcrt_freefls 114970->114991 115054 7ffe004c0920 86 API calls _log10_special 114971->115054 114976 7ffe00508919 114972->114976 114981 7ffe00504430 20 API calls 114972->114981 114973->114967 114978 7ffe00504430 20 API calls 114973->114978 115010 7ffe00507e6f __vcrt_freefls 114973->115010 114974->114970 114979 7ffe0050804a 114974->114979 114989 7ffe00508960 114976->114989 114995 7ffe004c0a10 86 API calls 114976->114995 115001 7ffe00508787 114976->115001 114982 7ffe005080b0 GetLastError 114977->114982 114983 7ffe005080f5 CryptStringToBinaryA 114977->114983 114978->114973 115052 7ffe004c0920 86 API calls _log10_special 114979->115052 114980 7ffe005081cf 114987 7ffe005081df 114980->114987 114988 7ffe005081d9 CertFreeCertificateContext 114980->114988 114986 7ffe005084d2 114981->114986 115053 7ffe004c0920 86 API calls _log10_special 114982->115053 114999 7ffe00508150 CertFindCertificateInStore 114983->114999 115000 7ffe0050813a __vcrt_freefls 114983->115000 114984 7ffe00511550 _log10_special 8 API calls 114985 7ffe00508c19 114984->114985 114986->114976 115044 7ffe005084da 114986->115044 114997 7ffe005081e4 CertCloseStore 114987->114997 115015 7ffe00508074 __vcrt_freefls 114987->115015 114988->114987 114996 7ffe00508967 114989->114996 115043 7ffe00508980 114989->115043 115011 7ffe00508291 114991->115011 115055 7ffe0052080c 78 API calls _invalid_parameter_noinfo 114991->115055 114995->114989 115066 7ffe004c0920 86 API calls _log10_special 114996->115066 114997->115015 114998 7ffe0050823f 115005 7ffe00508254 114998->115005 115056 7ffe00524204 77 API calls _invalid_parameter_noinfo 114998->115056 115007 7ffe0050817e __vcrt_freefls 114999->115007 115006 7ffe00508488 CertCloseStore 115000->115006 115012 7ffe00508b4e CertFreeCertificateContext 115001->115012 115013 7ffe00508b54 115001->115013 115002 7ffe00508bb9 115071 7ffe004c0920 86 API calls _log10_special 115002->115071 115017 7ffe0050825a 115005->115017 115058 7ffe0052080c 78 API calls _invalid_parameter_noinfo 115005->115058 115006->115015 115007->114968 115007->115006 115010->115015 115072 7ffe004c0920 86 API calls _log10_special 115010->115072 115018 7ffe00508358 MultiByteToWideChar 115011->115018 115019 7ffe0050838a 115011->115019 115022 7ffe005083e3 115011->115022 115012->115013 115013->115015 115069 7ffe004f53f0 83 API calls 2 library calls 115013->115069 115015->114984 115023 7ffe005082ca 115017->115023 115057 7ffe0052043c 87 API calls _fread_nolock 115017->115057 115018->115019 115028 7ffe00504430 20 API calls 115019->115028 115026 7ffe005083fe GetLastError 115022->115026 115027 7ffe0050843f CertFindCertificateInStore 115022->115027 115059 7ffe004c0920 86 API calls _log10_special 115023->115059 115024 7ffe00508b6c 115070 7ffe004c0920 86 API calls _log10_special 115024->115070 115025 7ffe0050827f 115025->115011 115025->115023 115030 7ffe00508411 115026->115030 115031 7ffe00508426 115026->115031 115027->114968 115033 7ffe0050846b GetLastError 115027->115033 115034 7ffe005083ba PFXImportCertStore 115028->115034 115060 7ffe004c0920 86 API calls _log10_special 115030->115060 115061 7ffe004c0920 86 API calls _log10_special 115031->115061 115062 7ffe004c0920 86 API calls _log10_special 115033->115062 115034->115022 115035 7ffe00508728 115064 7ffe004c0920 86 API calls _log10_special 115035->115064 115038 7ffe0050876c 115065 7ffe004c0920 86 API calls _log10_special 115038->115065 115043->115001 115048 7ffe00508ac7 115043->115048 115067 7ffe0051cce4 78 API calls _invalid_parameter_noinfo 115043->115067 115044->115001 115044->115035 115045 7ffe00508709 115044->115045 115050 7ffe00508707 115044->115050 115063 7ffe004c0920 86 API calls _log10_special 115045->115063 115046 7ffe00507e80 115046->114974 115046->114977 115046->115002 115046->115015 115068 7ffe004c0920 86 API calls _log10_special 115048->115068 115050->115001 115050->115038 115051->115046 115052->115015 115053->115015 115054->114980 115055->114998 115056->115005 115057->115025 115058->115017 115059->115015 115060->115015 115061->115015 115062->115006 115063->115015 115064->115015 115065->115015 115066->115015 115067->115043 115068->115015 115069->115024 115070->115015 115071->115010 115072->115015 115073 7ffe004b5df0 send 115074 7ffe004b5e73 WSAGetLastError 115073->115074 115083 7ffe004b5e8a 115073->115083 115076 7ffe004b5e92 115074->115076 115074->115083 115075 7ffe004c0ab0 86 API calls 115078 7ffe004b5eea 115075->115078 115084 7ffe004f5b30 83 API calls _get_daylight 115076->115084 115080 7ffe00511550 _log10_special 8 API calls 115078->115080 115079 7ffe004b5ea4 115085 7ffe004c0920 86 API calls _log10_special 115079->115085 115082 7ffe004b5f0d 115080->115082 115083->115075 115084->115079 115085->115083 115086 7ffe00507ab0 115087 7ffe004c0700 28 API calls 115086->115087 115088 7ffe00507ab9 115087->115088 115089 7ff73e4cd380 115090 7ff73e4cd3d6 115089->115090 115206 7ff73e52e048 115090->115206 115092 7ff73e4cd3e5 __scrt_get_show_window_mode 115093 7ff73e4cd44e curl_easy_init CreateThread 115092->115093 115146 7ff73e4cd3ed 115092->115146 115095 7ff73e4cd47f 115093->115095 115096 7ff73e4cdefd 115093->115096 115094 7ff73e4ff880 ctype 8 API calls 115098 7ff73e4cdfb9 115094->115098 115099 7ff73e4da6e0 99 API calls 115095->115099 115101 7ff73e4cdf0f MessageBoxA 115096->115101 115105 7ff73e4cdf28 115096->115105 115097 7ff73e4cdfd3 115100 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115097->115100 115102 7ff73e4cd488 115099->115102 115103 7ff73e4cdfd8 115100->115103 115101->115105 115225 7ff73e4daa60 115102->115225 115107 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115103->115107 115104 7ff73e4cdf4c MessageBoxW 115104->115146 115105->115104 115105->115146 115109 7ff73e4cdfde 115107->115109 115112 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115109->115112 115110 7ff73e4da5f0 _Receive_impl 55 API calls 115111 7ff73e4cd4b6 curl_easy_setopt 115110->115111 115114 7ff73e4cd510 6 API calls 115111->115114 115115 7ff73e4cd4de collate 115111->115115 115113 7ff73e4cdfe4 115112->115113 115117 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115113->115117 115116 7ff73e4da6e0 99 API calls 115114->115116 115115->115103 115115->115114 115118 7ff73e4cd58b 115116->115118 115119 7ff73e4cdfea 115117->115119 115120 7ff73e4daa60 59 API calls 115118->115120 115122 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115119->115122 115121 7ff73e4cd5bc 115120->115121 115123 7ff73e4da5f0 _Receive_impl 55 API calls 115121->115123 115124 7ff73e4cdff0 115122->115124 115125 7ff73e4cd5c6 curl_easy_setopt 115123->115125 115128 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115124->115128 115126 7ff73e4cd620 curl_easy_setopt 115125->115126 115127 7ff73e4cd5ee collate 115125->115127 115129 7ff73e4cd640 115126->115129 115130 7ff73e4cd701 curl_easy_setopt curl_easy_perform curl_easy_cleanup 115126->115130 115127->115109 115127->115126 115131 7ff73e4cdff6 115128->115131 115129->115130 115133 7ff73e4da6e0 99 API calls 115129->115133 115130->115096 115132 7ff73e4cd731 115130->115132 115137 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115131->115137 115250 7ff73e539250 115132->115250 115136 7ff73e4cd653 115133->115136 115141 7ff73e4daa60 59 API calls 115136->115141 115139 7ff73e4cdffc 115137->115139 115143 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115139->115143 115142 7ff73e4cd677 115141->115142 115145 7ff73e4da5f0 _Receive_impl 55 API calls 115142->115145 115147 7ff73e4ce002 115143->115147 115149 7ff73e4cd681 curl_easy_setopt 115145->115149 115146->115097 115150 7ff73e4cd424 collate 115146->115150 115151 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115147->115151 115153 7ff73e4cd6db curl_easy_setopt curl_easy_setopt 115149->115153 115154 7ff73e4cd6a9 collate 115149->115154 115150->115094 115155 7ff73e4ce008 115151->115155 115153->115130 115154->115113 115154->115153 115158 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115155->115158 115160 7ff73e4ce00e 115158->115160 115207 7ff73e52df74 115206->115207 115208 7ff73e52df9a 115207->115208 115210 7ff73e52dfcd 115207->115210 115284 7ff73e53e2a8 11 API calls _get_daylight 115208->115284 115212 7ff73e52dfe0 115210->115212 115213 7ff73e52dfd3 115210->115213 115211 7ff73e52df9f 115285 7ff73e5386b8 55 API calls _invalid_parameter_noinfo_noreturn 115211->115285 115272 7ff73e542c44 115212->115272 115286 7ff73e53e2a8 11 API calls _get_daylight 115213->115286 115217 7ff73e52dfaa 115217->115092 115236 7ff73e4daace _LStrxfrm 115225->115236 115226 7ff73e4dadd4 115229 7ff73e4dae29 115226->115229 115249 7ff73e4dad20 collate 115226->115249 115227 7ff73e4ff880 ctype 8 API calls 115228 7ff73e4cd4ac 115227->115228 115228->115110 115230 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115229->115230 115231 7ff73e4dae2f 115230->115231 115426 7ff73e4d6c80 59 API calls 2 library calls 115231->115426 115232 7ff73e4dad48 115234 7ff73e4dad53 115232->115234 115235 7ff73e4dae1e 115232->115235 115233 7ff73e4dac99 115233->115231 115423 7ff73e4c59d0 59 API calls 5 library calls 115233->115423 115424 7ff73e4c59d0 59 API calls 5 library calls 115234->115424 115425 7ff73e4d6c80 59 API calls 2 library calls 115235->115425 115236->115226 115236->115232 115236->115233 115421 7ff73e4c9ff0 59 API calls 5 library calls 115236->115421 115422 7ff73e4c64f0 59 API calls 5 library calls 115236->115422 115239 7ff73e4dae35 115245 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115239->115245 115244 7ff73e4dae23 115247 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115244->115247 115246 7ff73e4dae3b 115245->115246 115247->115229 115248 7ff73e4dacb0 collate 115248->115239 115248->115244 115248->115249 115249->115227 115251 7ff73e53925e 115250->115251 115254 7ff73e539265 115250->115254 115434 7ff73e539088 81 API calls 115251->115434 115253 7ff73e4cd739 115256 7ff73e52e18c 115253->115256 115254->115253 115427 7ff73e539048 115254->115427 115257 7ff73e52e1bc 115256->115257 115436 7ff73e52e068 115257->115436 115259 7ff73e52e1d5 115289 7ff73e53d62c EnterCriticalSection 115272->115289 115284->115211 115285->115217 115286->115217 115421->115236 115422->115236 115423->115248 115424->115248 115425->115244 115426->115239 115435 7ff73e5395f0 EnterCriticalSection 115427->115435 115434->115253 115437 7ff73e52e0b1 115436->115437 115438 7ff73e52e083 115436->115438 115440 7ff73e52e0a3 115437->115440 115448 7ff73e5395f0 EnterCriticalSection 115437->115448 115449 7ff73e5385ec 55 API calls _invalid_parameter_noinfo_noreturn 115438->115449 115440->115259 115449->115440 115450 7ff73e4cc5c0 InitCommonControlsEx 115451 7ff73e4cc5fe 115450->115451 115452 7ff73e4cc70a 7 API calls 115450->115452 115454 7ff73e4cc6f6 115451->115454 115455 7ff73e4cc6e6 EndDialog 115451->115455 115461 7ff73e4cc611 115451->115461 115453 7ff73e4ca240 4 API calls 115452->115453 115456 7ff73e4cc800 115453->115456 115457 7ff73e4cc6da 115455->115457 115458 7ff73e4cc300 11 API calls 115456->115458 115458->115457 115459 7ff73e4cc68a MessageBoxW 115459->115457 115460 7ff73e4cc6c8 EndDialog 115459->115460 115460->115457 115461->115454 115461->115459 115463 7ff73e4cc63f _LStrxfrm 115461->115463 115464 7ff73e4d5c00 115461->115464 115463->115459 115465 7ff73e4d5d6e 115464->115465 115467 7ff73e4d5c2a 115464->115467 115466 7ff73e4d5c49 115468 7ff73e4d5d68 115466->115468 115470 7ff73e4ff8a8 std::_Facet_Register 59 API calls 115466->115470 115467->115466 115467->115468 115469 7ff73e4d5cd7 115467->115469 115476 7ff73e4c2700 59 API calls 2 library calls 115468->115476 115472 7ff73e4ff8a8 std::_Facet_Register 59 API calls 115469->115472 115474 7ff73e4d5cc0 _LStrxfrm 115469->115474 115470->115474 115472->115474 115473 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115473->115468 115474->115473 115475 7ff73e4d5d37 collate 115474->115475 115475->115459 115476->115465 115477 7ffe004b5f20 115478 7ffe004b5f90 115477->115478 115479 7ffe004b5fc4 115477->115479 115478->115479 115483 7ffe004b5f9c 115478->115483 115480 7ffe004b6055 115479->115480 115481 7ffe004b5fdf 115479->115481 115494 7ffe004b78c0 recv 115480->115494 115485 7ffe004b6035 115481->115485 115490 7ffe004b5ffb 115481->115490 115484 7ffe004c0ab0 86 API calls 115483->115484 115493 7ffe004b5fae 115484->115493 115488 7ffe004c0ab0 86 API calls 115485->115488 115485->115493 115486 7ffe004c0ab0 86 API calls 115487 7ffe004b608a 115486->115487 115489 7ffe004b60a2 115487->115489 115492 7ffe004faa00 2 API calls 115487->115492 115488->115493 115491 7ffe004c0ab0 86 API calls 115490->115491 115490->115493 115491->115493 115492->115489 115493->115486 115495 7ffe004b790e WSAGetLastError 115494->115495 115504 7ffe004b791d 115494->115504 115497 7ffe004b7925 115495->115497 115495->115504 115496 7ffe004c0ab0 86 API calls 115498 7ffe004b7981 115496->115498 115505 7ffe004f5b30 83 API calls _get_daylight 115497->115505 115500 7ffe00511550 _log10_special 8 API calls 115498->115500 115502 7ffe004b7994 115500->115502 115501 7ffe004b7937 115506 7ffe004c0920 86 API calls _log10_special 115501->115506 115502->115493 115504->115496 115505->115501 115506->115504 115507 7ffe004b23a0 115508 7ffe004b23e8 115507->115508 115509 7ffe004b23ed 115507->115509 115510 7ffe004cdf80 2 API calls 115508->115510 115511 7ffe004faa00 2 API calls 115509->115511 115510->115509 115512 7ffe004b243b 115511->115512 115517 7ffe004b2a60 115512->115517 115515 7ffe004b245a 115518 7ffe004b2a98 115517->115518 115519 7ffe004b2bc4 115518->115519 115522 7ffe004b2b5b 115518->115522 115523 7ffe004b2b31 InitializeCriticalSectionEx 115518->115523 115579 7ffe0051d1b0 11 API calls _get_daylight 115519->115579 115521 7ffe004b2456 115521->115515 115545 7ffe004c0920 86 API calls _log10_special 115521->115545 115524 7ffe004b2b75 closesocket 115522->115524 115525 7ffe004b2b83 115522->115525 115546 7ffe004f25e0 socket 115523->115546 115524->115525 115527 7ffe004b2b8c DeleteCriticalSection 115525->115527 115529 7ffe004b2b9c 115525->115529 115527->115529 115529->115519 115530 7ffe004b2bbe closesocket 115529->115530 115530->115519 115531 7ffe004b2c87 115531->115519 115533 7ffe004b2c96 EnterCriticalSection LeaveCriticalSection 115531->115533 115532 7ffe004b2c3d 115532->115531 115576 7ffe004c07a0 115532->115576 115535 7ffe004b2cc0 CloseHandle 115533->115535 115536 7ffe004b2cd1 115533->115536 115538 7ffe004b2ce7 115535->115538 115539 7ffe004b2cd6 115536->115539 115540 7ffe004b2cde 115536->115540 115544 7ffe004b2cff closesocket 115538->115544 115581 7ffe004c07f0 WaitForSingleObjectEx CloseHandle 115539->115581 115582 7ffe004b28d0 DeleteCriticalSection closesocket 115540->115582 115544->115519 115545->115515 115547 7ffe004f262e htonl setsockopt 115546->115547 115552 7ffe004f2629 115546->115552 115548 7ffe004f26b2 bind 115547->115548 115549 7ffe004f284f closesocket closesocket closesocket 115547->115549 115548->115549 115550 7ffe004f26cd getsockname 115548->115550 115549->115552 115550->115549 115553 7ffe004f26e7 115550->115553 115551 7ffe00511550 _log10_special 8 API calls 115554 7ffe004b2b53 115551->115554 115552->115551 115553->115549 115555 7ffe004f26f1 listen 115553->115555 115554->115522 115554->115532 115555->115549 115556 7ffe004f2708 socket 115555->115556 115556->115549 115557 7ffe004f2725 connect 115556->115557 115557->115549 115558 7ffe004f2740 115557->115558 115583 7ffe004e60a0 ioctlsocket 115558->115583 115560 7ffe004f274d 115560->115549 115561 7ffe004eae00 17 API calls 115560->115561 115562 7ffe004f2774 accept 115561->115562 115562->115549 115563 7ffe004f2790 115562->115563 115564 7ffe004faa00 2 API calls 115563->115564 115565 7ffe004f2799 115564->115565 115584 7ffe004e9ad0 115565->115584 115568 7ffe004f27bb send 115572 7ffe004f27d0 115568->115572 115569 7ffe004eae00 17 API calls 115570 7ffe004f27f3 recv 115569->115570 115571 7ffe004f2813 WSAGetLastError 115570->115571 115570->115572 115574 7ffe004faa00 2 API calls 115571->115574 115572->115549 115572->115569 115573 7ffe004f28be 115572->115573 115573->115549 115575 7ffe004f28d5 closesocket 115573->115575 115574->115572 115575->115552 115588 7ffe0051f9bc 115576->115588 115579->115521 115580 7ffe0051d1b0 11 API calls _get_daylight 115580->115531 115581->115540 115582->115538 115583->115560 115585 7ffe004e9bab 115584->115585 115586 7ffe004e9af9 115584->115586 115585->115549 115585->115568 115586->115585 115587 7ffe004e9b31 BCryptGenRandom 115586->115587 115587->115586 115589 7ffe0051f9f3 115588->115589 115590 7ffe0051f9dc 115588->115590 115606 7ffe0051f958 115589->115606 115613 7ffe0051d1b0 11 API calls _get_daylight 115590->115613 115593 7ffe0051f9e1 115614 7ffe00527790 76 API calls _invalid_parameter_noinfo 115593->115614 115596 7ffe0051fa06 CreateThread 115597 7ffe004b2c73 115596->115597 115598 7ffe0051fa36 GetLastError 115596->115598 115597->115521 115597->115580 115615 7ffe0051d124 11 API calls 2 library calls 115598->115615 115600 7ffe0051fa43 115601 7ffe0051fa52 115600->115601 115602 7ffe0051fa4c CloseHandle 115600->115602 115603 7ffe0051fa61 115601->115603 115604 7ffe0051fa5b FreeLibrary 115601->115604 115602->115601 115605 7ffe005273d0 __free_lconv_num 11 API calls 115603->115605 115604->115603 115605->115597 115607 7ffe00528778 _get_daylight 11 API calls 115606->115607 115608 7ffe0051f97a 115607->115608 115609 7ffe005273d0 __free_lconv_num 11 API calls 115608->115609 115610 7ffe0051f984 115609->115610 115611 7ffe0051f989 115610->115611 115612 7ffe0051f98d GetModuleHandleExW 115610->115612 115611->115596 115611->115597 115612->115611 115613->115593 115614->115597 115615->115600 115616 7ffe004b9fe0 115617 7ffe004ba01b 115616->115617 115618 7ffe004ba010 115616->115618 115619 7ffe004ba025 115617->115619 115650 7ffe004bb3f0 88 API calls 115617->115650 115619->115618 115630 7ffe004bae50 115619->115630 115623 7ffe004bab40 87 API calls 115624 7ffe004ba0a5 115623->115624 115625 7ffe004b7f40 96 API calls 115624->115625 115626 7ffe004ba0c8 115625->115626 115627 7ffe004ba0ed 115626->115627 115651 7ffe004e8d90 QueryPerformanceCounter GetTickCount 115626->115651 115652 7ffe004fe870 86 API calls 115627->115652 115632 7ffe004baeb0 115630->115632 115631 7ffe004faa00 2 API calls 115631->115632 115632->115631 115633 7ffe004ba860 10 API calls 115632->115633 115634 7ffe004bb244 115632->115634 115638 7ffe004bafc9 WSASetLastError 115632->115638 115639 7ffe004bb380 115632->115639 115643 7ffe004bb249 115632->115643 115644 7ffe004c0a10 86 API calls 115632->115644 115645 7ffe004ba990 89 API calls 115632->115645 115648 7ffe004c0ab0 86 API calls 115632->115648 115653 7ffe004e18f0 88 API calls 115632->115653 115633->115632 115635 7ffe004c0ab0 86 API calls 115634->115635 115634->115643 115642 7ffe004bb263 115635->115642 115636 7ffe00511550 _log10_special 8 API calls 115637 7ffe004ba064 115636->115637 115637->115618 115637->115623 115638->115632 115655 7ffe004c0920 86 API calls _log10_special 115639->115655 115640 7ffe004c0ab0 86 API calls 115640->115642 115642->115640 115647 7ffe004bb2a9 115642->115647 115643->115636 115644->115632 115645->115632 115654 7ffe004c0920 86 API calls _log10_special 115647->115654 115648->115632 115650->115619 115651->115627 115652->115618 115653->115632 115654->115643 115655->115643 115656 7ff73e4ffc3c 115679 7ff73e4ff954 115656->115679 115659 7ff73e4ffd88 115731 7ff73e50034c 7 API calls 2 library calls 115659->115731 115660 7ff73e4ffc58 __scrt_acquire_startup_lock 115662 7ff73e4ffd92 115660->115662 115664 7ff73e4ffc76 115660->115664 115732 7ff73e50034c 7 API calls 2 library calls 115662->115732 115665 7ff73e4ffc9b 115664->115665 115670 7ff73e4ffcb8 __scrt_release_startup_lock 115664->115670 115685 7ff73e53b9d0 115664->115685 115666 7ff73e4ffd9d BuildCatchObjectHelperInternal 115668 7ff73e4ffd21 115689 7ff73e500494 115668->115689 115670->115668 115730 7ff73e53ac3c 55 API calls 115670->115730 115671 7ff73e4ffd26 115692 7ff73e4cf570 115671->115692 115680 7ff73e4ff95c 115679->115680 115681 7ff73e4ff968 __scrt_dllmain_crt_thread_attach 115680->115681 115682 7ff73e4ff975 115681->115682 115684 7ff73e4ff971 115681->115684 115682->115684 115733 7ff73e528e60 7 API calls 2 library calls 115682->115733 115684->115659 115684->115660 115686 7ff73e53ba06 115685->115686 115687 7ff73e53b9d5 115685->115687 115686->115670 115687->115686 115734 7ff73e4c1190 GetCurrentThreadId SetWindowsHookExW 115687->115734 115739 7ff73e553260 115689->115739 115691 7ff73e5004ab GetStartupInfoW 115691->115671 115741 7ff73e4ca320 115692->115741 115694 7ff73e4cf60b 115753 7ff73e4ca520 115694->115753 115696 7ff73e4cfb72 115697 7ff73e4ca520 60 API calls 115696->115697 115698 7ff73e4cfb89 115697->115698 115764 7ff73e4d7060 115698->115764 115730->115668 115731->115662 115732->115666 115733->115684 115735 7ff73e4ffb40 115734->115735 115738 7ff73e4ffb04 58 API calls 115735->115738 115737 7ff73e4ffb49 115737->115687 115738->115737 115740 7ff73e553250 115739->115740 115740->115691 115740->115740 115742 7ff73e4ca329 lstrlenW 115741->115742 115749 7ff73e4ca4e8 collate 115741->115749 115743 7ff73e4ff8e4 115742->115743 115744 7ff73e4ca371 lstrcpyW lstrlenW 115743->115744 115745 7ff73e4ca498 115744->115745 115748 7ff73e4ca3b3 115744->115748 116185 7ff73e4d6220 59 API calls 3 library calls 115745->116185 115747 7ff73e4ca4b2 collate 115747->115749 115751 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115747->115751 115748->115745 115750 7ff73e4d6820 59 API calls 115748->115750 115749->115694 115750->115748 115752 7ff73e4ca516 115751->115752 115757 7ff73e4ca54b 115753->115757 115756 7ff73e4ca59e lstrlenW 115756->115757 115757->115756 115758 7ff73e4ca5de 115757->115758 115761 7ff73e4ca5bf collate 115757->115761 115763 7ff73e4ca72f 115757->115763 115759 7ff73e4d5c00 59 API calls 115758->115759 115760 7ff73e4ca604 _LStrxfrm collate 115758->115760 115759->115760 115760->115761 115762 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115760->115762 115761->115696 115762->115763 116186 7ff73e4d4da0 59 API calls std::_Xinvalid_argument 115763->116186 115765 7ff73e4c4620 59 API calls 115764->115765 115766 7ff73e4d70aa 115765->115766 115767 7ff73e4da6e0 99 API calls 115766->115767 115768 7ff73e4d71ce 115767->115768 115769 7ff73e4daa60 59 API calls 115768->115769 115770 7ff73e4d71f9 115769->115770 115771 7ff73e4da5f0 _Receive_impl 55 API calls 115770->115771 115772 7ff73e4d7204 115771->115772 115773 7ff73e4c46d0 97 API calls 115772->115773 115774 7ff73e4d7224 collate 115773->115774 115775 7ff73e4c3c50 59 API calls 115774->115775 115776 7ff73e4d83f9 115774->115776 115777 7ff73e4d83ff 115774->115777 115778 7ff73e4d72b8 115775->115778 115779 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115776->115779 115780 7ff73e5386d8 _invalid_parameter_noinfo_noreturn 55 API calls 115777->115780 115781 7ff73e4d8405 115778->115781 115783 7ff73e4c3c50 59 API calls 115778->115783 115779->115777 115780->115781 116206 7ff73e4c25c0 57 API calls __std_exception_copy 115781->116206 115785 7ff73e4d72d5 115783->115785 115784 7ff73e4d8417 115798 7ff73e4d7304 std::_Throw_Cpp_error 115785->115798 115832 7ff73e4d72ff collate 115785->115832 116187 7ff73e4c3de0 59 API calls 5 library calls 115785->116187 115787 7ff73e4c3c50 59 API calls 115788 7ff73e4d8428 115806 7ff73e4da6e0 99 API calls 115798->115806 115798->115832 115832->115787 115832->115788 116185->115747 116187->115785 116206->115784 116356 7ffe004e9ca0 116359 7ffe00535db0 116356->116359 116360 7ffe004e9cba BCryptGenRandom 116359->116360 116361 7ffe004fdae0 116374 7ffe004fdd20 116361->116374 116375 7ffe004fdd36 116374->116375 116376 7ffe004fdd81 116375->116376 116380 7ffe004fd700 205 API calls 116375->116380 116378 7ffe004fdd6e 116381 7ffe004fd700 205 API calls 116378->116381 116380->116378 116381->116376

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 00007FFE00507D76 Relevance: 98.9, APIs: 14, Strings: 42, Instructions: 918COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                  • String ID: $(memory blob)$@$AES$CHACHA20_POLY1305$ChainingModeCCM$ChainingModeGCM$CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$P12$SCH_USE_STRONG_CRYPTO$SHA256$SHA384$Services$TLS_AES_128_CCM_8_SHA256$TLS_AES_128_CCM_SHA256$TLS_AES_128_GCM_SHA256$TLS_AES_256_GCM_SHA384$TLS_CHACHA20_POLY1305_SHA256$USE_STRONG_CRYPTO$Users$schannel: AcquireCredentialsHandle failed: %s$schannel: All available TLS 1.3 ciphers were disabled$schannel: Cipher name too long, not checked$schannel: Failed setting algorithm cipher list$schannel: Failed to get certificate from file %s, last error is 0x%x$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%x$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %x %s, last error is 0x%x$schannel: Failed to read cert file %s$schannel: TLS 1.3 not supported on Windows prior to 11$schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time$schannel: Unknown TLS 1.3 cipher: %s$schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list.$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
                                                                                                                                                                                                                  • API String ID: 1646373207-3504624506
                                                                                                                                                                                                                  • Opcode ID: 99c0a7710fc6ba83cdc64cd3afc5073fa17ce40239fd7e81e18719eac59714f0
                                                                                                                                                                                                                  • Instruction ID: 6df3a03c5d8084cebe04fac2dfe6f1203da8c37c2c4a60ca213175445bfeeb60
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99c0a7710fc6ba83cdc64cd3afc5073fa17ce40239fd7e81e18719eac59714f0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25928B62A08B8285EB348BA198507BD27A1FF89798F445135DB8D477BEEF7CE644C700
                                                                                                                                                                                                                  Function 00007FF73E515BCC Relevance: 81.8, APIs: 54, Instructions: 809COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctype
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 19648113-0
                                                                                                                                                                                                                  • Opcode ID: 1bdbc33354084d3e94cb9039a83113a684d2a8e3f4d8a03df2bed61f9c037477
                                                                                                                                                                                                                  • Instruction ID: dd9ad32f638b4ecd18cf5cafe7cc5fbdb0b290eb3b20fc0d300182274b132b09
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bdbc33354084d3e94cb9039a83113a684d2a8e3f4d8a03df2bed61f9c037477
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C822121E0A60265EF52BF21DCA02B8B3A1AF58B84F844435ED0D57795EF7CF95CA321
                                                                                                                                                                                                                  Function 00007FF73E516874 Relevance: 81.8, APIs: 54, Instructions: 809COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctypeGetvals
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 553569086-0
                                                                                                                                                                                                                  • Opcode ID: 825ceff8ed2ad27c9a21a6efa56ede77102a6ad3cc1569d93ebd09ecd8d8d0cb
                                                                                                                                                                                                                  • Instruction ID: 6f21abe75e46f9d2df9f0d94c52af1d32c18edfb7323abf32ae304e20dbe415a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 825ceff8ed2ad27c9a21a6efa56ede77102a6ad3cc1569d93ebd09ecd8d8d0cb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE825221E0AA0265EF52BB15DCA02B8A3A1FF48B84F844535ED0D57395EF7CF95CA320
                                                                                                                                                                                                                  Function 00007FF73E4CD380 Relevance: 81.3, APIs: 37, Strings: 9, Instructions: 767windowstringthreadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: curl_easy_setopt$_invalid_parameter_noinfo_noreturn$Message$Filestd::_$LockitPath$CreateExistsFindLocinfo::_Locinfo_ctorLockit::_Lockit::~_NameOperationThread_fread_nolockcurl_easy_cleanupcurl_easy_initcurl_easy_performlstrcpy
                                                                                                                                                                                                                  • String ID: <> Found:$This plugin won't be installed.$" is not correct. Expected:$%02x$Plugin cannot be found$Plugin package hash mismatched$The hash of plugin package "$The plugin package is not found.$curl error
                                                                                                                                                                                                                  • API String ID: 2305481953-1193151834
                                                                                                                                                                                                                  • Opcode ID: a7d60f382237db3036b35f9ebb30f306275a4236b2a122a7a5b611dd928a39ac
                                                                                                                                                                                                                  • Instruction ID: c315b2a3467cae4241266631e9d0105b58dd77f04aef38a42e96df4498f7e0ac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7d60f382237db3036b35f9ebb30f306275a4236b2a122a7a5b611dd928a39ac
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB72C562E08B82B1EB10AF24D8543FDA361FB49798F815132EA5D17AE9DF3CD589D310
                                                                                                                                                                                                                  Function 00007FF73E4D7060 Relevance: 69.5, APIs: 18, Strings: 21, Instructions: 1269COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_Locinfo_ctor
                                                                                                                                                                                                                  • String ID: ClassName2Close$GUPInput$InfoUrl$InfoUrl is missed.$InfoUrl node is missed.$It's not a valid GUP input xml.$MessageBoxTitle$Param$SilentMode$SilentMode value is incorrect (only "yes" or "no" is allowed).$SoftwareIcon$SoftwareName$Version$ecLparam$ecWparam$extraCmd$extraCmdButtonLabel$gup.xml$isModal$isModal value is incorrect (only "yes" or "no" is allowed).$yes
                                                                                                                                                                                                                  • API String ID: 855658166-1240933771
                                                                                                                                                                                                                  • Opcode ID: 7e874f70f03200b7104d65d440b644f21bf2c6fbc7b80a4cd5d64cda0bf7a13d
                                                                                                                                                                                                                  • Instruction ID: 29dedff1e96c7b42a2f575aad2a1376a2df952b90342fd6d405d268cbf38edc3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e874f70f03200b7104d65d440b644f21bf2c6fbc7b80a4cd5d64cda0bf7a13d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26C2D563E09683A1EA40EB25D5443BEA361FF89794FC25231F65C07696EF7CE588E310
                                                                                                                                                                                                                  Function 00007FFE004CFAD0 Relevance: 60.2, APIs: 1, Strings: 33, Instructions: 674COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: HTTP/%s%s%s%s%s%s%s%s%s%s%s%s%s$%s $%s: %s, %02d %s %4d %02d:%02d:%02d GMT$%s?%s$1.0$1.1$Accept$Accept-Encoding$Accept-Encoding: %s$Accept: */*$Alt-Used$Alt-Used: %s:%d$Content-Range$Content-Range: bytes %s%I64d/%I64d$Content-Range: bytes %s/%I64d$Content-Range: bytes 0-%I64d/%I64d$Could not seek stream$Could only read %I64d bytes from the input$File already completely uploaded$GET$HEAD$If-Modified-Since$If-Unmodified-Since$Invalid TIMEVALUE$Last-Modified$Proxy-Connection$Proxy-Connection: Keep-Alive$Range$Range: bytes=%s$Referer$Referer: %s$User-Agent$upload completely sent off: %I64d out of %I64d bytes
                                                                                                                                                                                                                  • API String ID: 0-149731007
                                                                                                                                                                                                                  • Opcode ID: 4c28b9cf387618df9ef8433dc33b68b6a16a1f02635f05b8b6fb3332260e4a69
                                                                                                                                                                                                                  • Instruction ID: bd2548fff30050065de38d46d89ddb12b1966fecd2ca57777505d7d0b2ef6d77
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c28b9cf387618df9ef8433dc33b68b6a16a1f02635f05b8b6fb3332260e4a69
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87628A72A08B8295FBA58B2594147F927A0EB45B88F484036DF8E577BDDF3CE944C318
                                                                                                                                                                                                                  Function 00007FF73E4CCA70 Relevance: 54.8, APIs: 20, Strings: 11, Instructions: 554stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2311 7ff73e4cca70-7ff73e4ccab2 call 7ff73e552da0 2314 7ff73e4ccab8-7ff73e4ccabe 2311->2314 2315 7ff73e4cd249-7ff73e4cd255 2311->2315 2318 7ff73e4ccac0-7ff73e4ccac3 2314->2318 2319 7ff73e4ccaf9-7ff73e4ccafc 2314->2319 2316 7ff73e4cd2d1 2315->2316 2317 7ff73e4cd257-7ff73e4cd27d call 7ff73e553620 lstrcmpW 2315->2317 2324 7ff73e4cd2d3-7ff73e4cd2fc call 7ff73e4ff880 2316->2324 2337 7ff73e4cd27f-7ff73e4cd286 2317->2337 2338 7ff73e4cd288-7ff73e4cd29b lstrcmpW 2317->2338 2318->2316 2323 7ff73e4ccac9-7ff73e4ccad0 2318->2323 2320 7ff73e4ccb02-7ff73e4ccb12 2319->2320 2321 7ff73e4cd237-7ff73e4cd244 call 7ff73e4cc300 2319->2321 2326 7ff73e4ccb24-7ff73e4ccb78 call 7ff73e4ff8a8 call 7ff73e4d9fc0 2320->2326 2327 7ff73e4ccb14-7ff73e4ccb19 2320->2327 2321->2324 2330 7ff73e4ccae6-7ff73e4ccaf4 EndDialog 2323->2330 2331 7ff73e4ccad2-7ff73e4ccad5 2323->2331 2346 7ff73e4ccbab-7ff73e4ccc05 call 7ff73e4d9fc0 2326->2346 2347 7ff73e4ccb7a-7ff73e4ccb8b 2326->2347 2333 7ff73e4ccb1b 2327->2333 2334 7ff73e4ccb1e SetWindowTextW 2327->2334 2330->2324 2331->2330 2339 7ff73e4ccad7-7ff73e4ccadb 2331->2339 2333->2334 2334->2326 2342 7ff73e4cd2a4-7ff73e4cd2cb ShellExecuteW EndDialog 2337->2342 2338->2316 2343 7ff73e4cd29d 2338->2343 2339->2330 2340 7ff73e4ccadd-7ff73e4ccae0 2339->2340 2340->2315 2340->2330 2342->2316 2343->2342 2354 7ff73e4ccc07-7ff73e4ccc19 2346->2354 2355 7ff73e4ccc39-7ff73e4ccc3e 2346->2355 2349 7ff73e4ccba6 call 7ff73e4ff8a0 2347->2349 2350 7ff73e4ccb8d-7ff73e4ccba0 2347->2350 2349->2346 2350->2349 2353 7ff73e4cd345-7ff73e4cd37f call 7ff73e5386d8 DialogBoxParamW 2350->2353 2357 7ff73e4ccc34 call 7ff73e4ff8a0 2354->2357 2358 7ff73e4ccc1b-7ff73e4ccc2e 2354->2358 2359 7ff73e4ccc44-7ff73e4ccc4b 2355->2359 2360 7ff73e4cd1b6-7ff73e4cd1be 2355->2360 2357->2355 2358->2357 2362 7ff73e4cd339-7ff73e4cd33e call 7ff73e5386d8 2358->2362 2359->2360 2364 7ff73e4ccc51-7ff73e4cccb2 call 7ff73e4ff8a8 call 7ff73e4d9fc0 2359->2364 2365 7ff73e4cd1c0-7ff73e4cd1d6 2360->2365 2366 7ff73e4cd1f7-7ff73e4cd1ff 2360->2366 2378 7ff73e4cd33f-7ff73e4cd344 call 7ff73e4c2700 2362->2378 2387 7ff73e4cccb4-7ff73e4cccc5 2364->2387 2388 7ff73e4ccce5-7ff73e4cccf4 2364->2388 2369 7ff73e4cd1f1-7ff73e4cd1f6 call 7ff73e4ff8a0 2365->2369 2370 7ff73e4cd1d8-7ff73e4cd1eb 2365->2370 2366->2321 2371 7ff73e4cd201-7ff73e4cd217 2366->2371 2369->2366 2370->2353 2370->2369 2372 7ff73e4cd232 call 7ff73e4ff8a0 2371->2372 2373 7ff73e4cd219-7ff73e4cd22c 2371->2373 2372->2321 2373->2372 2377 7ff73e4cd2fd-7ff73e4cd302 call 7ff73e5386d8 2373->2377 2391 7ff73e4cd303-7ff73e4cd308 call 7ff73e5386d8 2377->2391 2378->2353 2392 7ff73e4ccce0 call 7ff73e4ff8a0 2387->2392 2393 7ff73e4cccc7-7ff73e4cccda 2387->2393 2389 7ff73e4cd17a-7ff73e4cd17e 2388->2389 2390 7ff73e4cccfa-7ff73e4ccd9a call 7ff73e4d5550 call 7ff73e4d5130 call 7ff73e4d4fe0 call 7ff73e4d5550 2388->2390 2389->2360 2395 7ff73e4cd180-7ff73e4cd192 2389->2395 2404 7ff73e4cd309-7ff73e4cd30e call 7ff73e4c27a0 2390->2404 2416 7ff73e4ccda0-7ff73e4ccda4 2390->2416 2391->2404 2392->2388 2393->2391 2393->2392 2399 7ff73e4cd194-7ff73e4cd1a7 2395->2399 2400 7ff73e4cd1ad-7ff73e4cd1b5 call 7ff73e4ff8a0 2395->2400 2399->2362 2399->2400 2400->2360 2411 7ff73e4cd30f-7ff73e4cd314 call 7ff73e5386d8 2404->2411 2417 7ff73e4cd315-7ff73e4cd31a call 7ff73e5386d8 2411->2417 2418 7ff73e4ccda6-7ff73e4ccdbb 2416->2418 2419 7ff73e4ccdc0-7ff73e4ccdca 2416->2419 2425 7ff73e4cd31b-7ff73e4cd320 call 7ff73e5386d8 2417->2425 2424 7ff73e4cce6b-7ff73e4cce8a call 7ff73e4cac70 2418->2424 2422 7ff73e4ccddc-7ff73e4ccdfc 2419->2422 2423 7ff73e4ccdcc-7ff73e4ccdda 2419->2423 2422->2378 2426 7ff73e4cce02-7ff73e4cce0c 2422->2426 2427 7ff73e4cce0e-7ff73e4cce15 2423->2427 2433 7ff73e4ccec2-7ff73e4ccf6d call 7ff73e4d5550 call 7ff73e4d5130 call 7ff73e4d4fe0 call 7ff73e4d5550 call 7ff73e4d46a0 call 7ff73e4cac70 2424->2433 2434 7ff73e4cce8c-7ff73e4ccea2 2424->2434 2442 7ff73e4cd321-7ff73e4cd326 call 7ff73e5386d8 2425->2442 2426->2427 2432 7ff73e4cce3d-7ff73e4cce40 2426->2432 2427->2378 2430 7ff73e4cce1b-7ff73e4cce29 call 7ff73e4ff8a8 2427->2430 2430->2411 2449 7ff73e4cce2f-7ff73e4cce3b 2430->2449 2437 7ff73e4cce42-7ff73e4cce47 call 7ff73e4ff8a8 2432->2437 2438 7ff73e4cce49 2432->2438 2472 7ff73e4ccf6f-7ff73e4ccf77 2433->2472 2473 7ff73e4ccfe1-7ff73e4ccfe9 2433->2473 2439 7ff73e4ccea4-7ff73e4cceb7 2434->2439 2440 7ff73e4ccebd call 7ff73e4ff8a0 2434->2440 2445 7ff73e4cce4c-7ff73e4cce66 call 7ff73e553620 2437->2445 2438->2445 2439->2417 2439->2440 2440->2433 2454 7ff73e4cd327-7ff73e4cd32c call 7ff73e5386d8 2442->2454 2445->2424 2449->2445 2460 7ff73e4cd32d-7ff73e4cd332 call 7ff73e5386d8 2454->2460 2466 7ff73e4cd333-7ff73e4cd338 call 7ff73e5386d8 2460->2466 2466->2362 2474 7ff73e4ccfb0-7ff73e4ccfde 2472->2474 2475 7ff73e4ccf79-7ff73e4ccf90 2472->2475 2476 7ff73e4cd021-7ff73e4cd03a 2473->2476 2477 7ff73e4ccfeb-7ff73e4cd001 2473->2477 2474->2473 2478 7ff73e4ccf92-7ff73e4ccfa5 2475->2478 2479 7ff73e4ccfab call 7ff73e4ff8a0 2475->2479 2482 7ff73e4cd072-7ff73e4cd09a SetDlgItemTextW 2476->2482 2483 7ff73e4cd03c-7ff73e4cd052 2476->2483 2480 7ff73e4cd003-7ff73e4cd016 2477->2480 2481 7ff73e4cd01c call 7ff73e4ff8a0 2477->2481 2478->2425 2478->2479 2479->2474 2480->2425 2480->2481 2481->2476 2484 7ff73e4cd0d3-7ff73e4cd0ee 2482->2484 2485 7ff73e4cd09c-7ff73e4cd0b3 2482->2485 2488 7ff73e4cd054-7ff73e4cd067 2483->2488 2489 7ff73e4cd06d call 7ff73e4ff8a0 2483->2489 2493 7ff73e4cd0f0-7ff73e4cd107 2484->2493 2494 7ff73e4cd127-7ff73e4cd141 2484->2494 2491 7ff73e4cd0b5-7ff73e4cd0c8 2485->2491 2492 7ff73e4cd0ce call 7ff73e4ff8a0 2485->2492 2488->2442 2488->2489 2489->2482 2491->2454 2491->2492 2492->2484 2496 7ff73e4cd122 call 7ff73e4ff8a0 2493->2496 2497 7ff73e4cd109-7ff73e4cd11c 2493->2497 2494->2389 2498 7ff73e4cd143-7ff73e4cd159 2494->2498 2496->2494 2497->2460 2497->2496 2500 7ff73e4cd174-7ff73e4cd179 call 7ff73e4ff8a0 2498->2500 2501 7ff73e4cd15b-7ff73e4cd16e 2498->2501 2500->2389 2501->2466 2501->2500
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Dialog$Textlstrcmp$Concurrency::cancel_current_taskExecuteItemParamShellWindow
                                                                                                                                                                                                                  • String ID: $MSGID_DOWNLOADPAGE$$$MSGID_MOREINFO$$</a>$<a id="id_download">$<a id="id_moreinfo">$REINFO$https://notepad-plus-plus.org/downloads/$https://npp-user-manual.org/docs/upgrading/#new-version-available-but-auto-updater-find-nothing$id_download$id_moreinfo$open
                                                                                                                                                                                                                  • API String ID: 565073140-2613634261
                                                                                                                                                                                                                  • Opcode ID: c485205587576be0e0e6b1fd926299d0db36b0cb2211999a160f504af7e58f61
                                                                                                                                                                                                                  • Instruction ID: aa3a663019a9ac4ecf59ae9965943dd49860ad2f6bcd94fdc18d723d39ba8113
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c485205587576be0e0e6b1fd926299d0db36b0cb2211999a160f504af7e58f61
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E328462F14743A1FA00AB68D4543BDA361EF497A4F915231EA6C13AE9DF7CE1C9D310
                                                                                                                                                                                                                  Function 00007FF73E504E6A Relevance: 31.8, APIs: 21, Instructions: 306COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2643 7ff73e504e6a-7ff73e504e6d 2644 7ff73e504e73-7ff73e504e7d 2643->2644 2645 7ff73e504f0c-7ff73e504f16 2643->2645 2646 7ff73e504e7f-7ff73e504e91 call 7ff73e500754 2644->2646 2647 7ff73e504eba-7ff73e504ece call 7ff73e4ff8a8 2644->2647 2648 7ff73e504f53-7ff73e504f64 call 7ff73e4c5fe0 call 7ff73e504c6c 2645->2648 2649 7ff73e504f18-7ff73e504f2a call 7ff73e500754 2645->2649 2661 7ff73e504e93-7ff73e504ea3 2646->2661 2662 7ff73e504eaa-7ff73e504eb3 call 7ff73e5007cc 2646->2662 2658 7ff73e504ed0-7ff73e504ef6 call 7ff73e500f90 2647->2658 2659 7ff73e504ef8 2647->2659 2667 7ff73e504f69-7ff73e504f6d 2648->2667 2663 7ff73e504f43-7ff73e504f4c call 7ff73e5007cc 2649->2663 2664 7ff73e504f2c-7ff73e504f3c 2649->2664 2668 7ff73e504efa-7ff73e504f0a call 7ff73e504c6c 2658->2668 2659->2668 2661->2662 2662->2647 2663->2648 2664->2663 2672 7ff73e504f73-7ff73e504f7d 2667->2672 2673 7ff73e5051f0-7ff73e5051f3 2667->2673 2668->2667 2676 7ff73e504fe6-7ff73e504fe9 2672->2676 2677 7ff73e504f7f-7ff73e504f82 2672->2677 2678 7ff73e5052be-7ff73e5052ca call 7ff73e523b94 2673->2678 2679 7ff73e5051f9-7ff73e505203 2673->2679 2682 7ff73e505026-7ff73e505029 call 7ff73e503fdc 2676->2682 2683 7ff73e504feb-7ff73e504ffd call 7ff73e500754 2676->2683 2684 7ff73e504f84-7ff73e504f96 call 7ff73e500754 2677->2684 2685 7ff73e504fbf-7ff73e504fd0 call 7ff73e4ff8a8 2677->2685 2689 7ff73e5052cf-7ff73e5052ec call 7ff73e516874 call 7ff73e515bcc 2678->2689 2686 7ff73e505205-7ff73e505208 2679->2686 2687 7ff73e505268-7ff73e50526b 2679->2687 2705 7ff73e50502e-7ff73e505049 call 7ff73e504c6c 2682->2705 2712 7ff73e505016-7ff73e50501f call 7ff73e5007cc 2683->2712 2713 7ff73e504fff-7ff73e50500f 2683->2713 2715 7ff73e504faf-7ff73e504fb8 call 7ff73e5007cc 2684->2715 2716 7ff73e504f98-7ff73e504fa8 2684->2716 2708 7ff73e504fd2-7ff73e504fdf 2685->2708 2709 7ff73e504fe1-7ff73e504fe4 2685->2709 2694 7ff73e505245-7ff73e505256 call 7ff73e4ff8a8 2686->2694 2695 7ff73e50520a-7ff73e50521c call 7ff73e500754 2686->2695 2691 7ff73e50526d-7ff73e50527f call 7ff73e500754 2687->2691 2692 7ff73e5052a8-7ff73e5052ab call 7ff73e4d5440 2687->2692 2731 7ff73e5052f1-7ff73e5052fc 2689->2731 2722 7ff73e505281-7ff73e505291 2691->2722 2723 7ff73e505298-7ff73e5052a1 call 7ff73e5007cc 2691->2723 2706 7ff73e5052b0-7ff73e5052b9 call 7ff73e504c6c 2692->2706 2694->2706 2720 7ff73e505258-7ff73e505266 2694->2720 2726 7ff73e505235-7ff73e50523e call 7ff73e5007cc 2695->2726 2727 7ff73e50521e-7ff73e50522e 2695->2727 2729 7ff73e5050ae-7ff73e5050b1 2705->2729 2730 7ff73e50504b-7ff73e50504e 2705->2730 2706->2678 2708->2705 2709->2705 2712->2682 2713->2712 2715->2685 2716->2715 2720->2706 2722->2723 2723->2692 2726->2694 2727->2726 2741 7ff73e5050b3-7ff73e5050c5 call 7ff73e500754 2729->2741 2742 7ff73e5050ee-7ff73e5050f1 call 7ff73e5040f4 2729->2742 2736 7ff73e505050-7ff73e505062 call 7ff73e500754 2730->2736 2737 7ff73e50508b-7ff73e50509c call 7ff73e4ff8a8 2730->2737 2738 7ff73e505302-7ff73e505325 call 7ff73e4da990 2731->2738 2739 7ff73e5052fe 2731->2739 2755 7ff73e505064-7ff73e505074 2736->2755 2756 7ff73e50507b-7ff73e505084 call 7ff73e5007cc 2736->2756 2750 7ff73e5050f6-7ff73e505107 call 7ff73e504c6c 2737->2750 2758 7ff73e50509e-7ff73e5050ac 2737->2758 2739->2738 2753 7ff73e5050de-7ff73e5050e7 call 7ff73e5007cc 2741->2753 2754 7ff73e5050c7-7ff73e5050d7 2741->2754 2742->2750 2764 7ff73e505193-7ff73e50519d 2750->2764 2765 7ff73e50510d-7ff73e505117 2750->2765 2753->2742 2754->2753 2755->2756 2756->2737 2758->2750 2766 7ff73e50519f-7ff73e5051b1 call 7ff73e500754 2764->2766 2767 7ff73e5051da-7ff73e5051e5 call 7ff73e50420c 2764->2767 2768 7ff73e505154-7ff73e505168 call 7ff73e4ff8a8 2765->2768 2769 7ff73e505119-7ff73e50512b call 7ff73e500754 2765->2769 2781 7ff73e5051b3-7ff73e5051c3 2766->2781 2782 7ff73e5051ca-7ff73e5051d3 call 7ff73e5007cc 2766->2782 2778 7ff73e5051e8-7ff73e5051eb call 7ff73e504c6c 2767->2778 2779 7ff73e50516a-7ff73e505187 call 7ff73e50475c 2768->2779 2780 7ff73e505189 2768->2780 2783 7ff73e505144-7ff73e50514d call 7ff73e5007cc 2769->2783 2784 7ff73e50512d-7ff73e50513d 2769->2784 2778->2673 2789 7ff73e50518b-7ff73e505191 2779->2789 2780->2789 2781->2782 2782->2767 2783->2768 2784->2783 2789->2778
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3087743877-0
                                                                                                                                                                                                                  • Opcode ID: 057671cfde4f55c5bb6b56795baf2393243e9edf14468437baf947a16ff7dbe5
                                                                                                                                                                                                                  • Instruction ID: 7f4d43b2a0acf50579d8cf1a97e10baf4096478edbb35d7c286e7e8fd57fc026
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 057671cfde4f55c5bb6b56795baf2393243e9edf14468437baf947a16ff7dbe5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBD18061E09602A1EB96FF15DC702B8A3A0AF48B84FC44435E94D43695EF3CBA5DA361
                                                                                                                                                                                                                  Function 00007FFE004B73F0 Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 291networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2793 7ffe004b73f0-7ffe004b745c call 7ffe004faa00 call 7ffe004b7c30 2798 7ffe004b74cb-7ffe004b74d2 2793->2798 2799 7ffe004b745e-7ffe004b747e call 7ffe004ba3e0 2793->2799 2800 7ffe004b74d8-7ffe004b74df 2798->2800 2801 7ffe004b786f-7ffe004b78b7 call 7ffe004c0ab0 call 7ffe00511550 2798->2801 2810 7ffe004b751f-7ffe004b7527 2799->2810 2811 7ffe004b7484-7ffe004b74c6 call 7ffe0051d1b0 * 3 call 7ffe004f5b30 call 7ffe004c0920 2799->2811 2803 7ffe004b785f-7ffe004b7862 closesocket 2800->2803 2804 7ffe004b74e5-7ffe004b74f0 2800->2804 2807 7ffe004b7868 2803->2807 2808 7ffe004b74f6-7ffe004b751a call 7ffe004e1c20 call 7ffe004e1f60 * 2 2804->2808 2809 7ffe004b785a call 7ffe004e1c20 2804->2809 2807->2801 2808->2807 2809->2803 2817 7ffe004b7529-7ffe004b7551 setsockopt 2810->2817 2818 7ffe004b7553 2810->2818 2811->2798 2822 7ffe004b755a-7ffe004b757a call 7ffe004c0a10 2817->2822 2818->2822 2829 7ffe004b757c-7ffe004b757f 2822->2829 2830 7ffe004b7581-7ffe004b7587 2822->2830 2829->2830 2832 7ffe004b75ea 2829->2832 2830->2832 2833 7ffe004b7589-7ffe004b7592 2830->2833 2836 7ffe004b75ed-7ffe004b7610 2832->2836 2833->2836 2837 7ffe004b7594-7ffe004b75bd setsockopt 2833->2837 2842 7ffe004b7647-7ffe004b764a 2836->2842 2843 7ffe004b7612-7ffe004b762d call 7ffe00504430 2836->2843 2837->2836 2840 7ffe004b75bf-7ffe004b75e8 WSAGetLastError call 7ffe004f5b30 call 7ffe004c0a10 2837->2840 2840->2836 2845 7ffe004b764c-7ffe004b7671 getsockopt 2842->2845 2846 7ffe004b769e-7ffe004b76a1 2842->2846 2857 7ffe004b763b-7ffe004b7645 2843->2857 2858 7ffe004b762f-7ffe004b7639 2843->2858 2850 7ffe004b767d-7ffe004b7698 setsockopt 2845->2850 2851 7ffe004b7673-7ffe004b767b 2845->2851 2852 7ffe004b76a7-7ffe004b76ae 2846->2852 2853 7ffe004b778a-7ffe004b7792 2846->2853 2850->2846 2851->2846 2851->2850 2852->2853 2861 7ffe004b76b4-7ffe004b76e2 setsockopt 2852->2861 2859 7ffe004b7794-7ffe004b77c0 call 7ffe004e1f60 * 2 2853->2859 2860 7ffe004b77d5 2853->2860 2857->2845 2858->2846 2891 7ffe004b77c7-7ffe004b77c9 2859->2891 2892 7ffe004b77c2-7ffe004b77c5 2859->2892 2867 7ffe004b77d8-7ffe004b77e0 2860->2867 2864 7ffe004b76fb-7ffe004b776d call 7ffe00504690 * 2 WSAIoctl 2861->2864 2865 7ffe004b76e4-7ffe004b76f6 call 7ffe004c0a10 2861->2865 2864->2853 2885 7ffe004b776f-7ffe004b7785 WSAGetLastError call 7ffe004c0a10 2864->2885 2865->2853 2868 7ffe004b77e7-7ffe004b780d call 7ffe004d82e0 call 7ffe004b6dd0 2867->2868 2869 7ffe004b77e2-7ffe004b77e5 2867->2869 2873 7ffe004b7820-7ffe004b7828 call 7ffe004e60a0 2868->2873 2890 7ffe004b780f-7ffe004b7812 2868->2890 2869->2868 2869->2873 2884 7ffe004b782d-7ffe004b7830 2873->2884 2884->2801 2888 7ffe004b7832-7ffe004b7858 call 7ffe004b79a0 call 7ffe004faa00 2884->2888 2885->2853 2888->2801 2890->2798 2894 7ffe004b7818-7ffe004b781b 2890->2894 2891->2860 2895 7ffe004b77cb-7ffe004b77d0 2891->2895 2892->2867 2894->2798 2895->2798
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: setsockopt$ErrorLast$CounterIoctlPerformanceQueryclosesocketgetsockopthtons
                                                                                                                                                                                                                  • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$Could not set TCP_NODELAY: %s$Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d$cf_socket_open() -> %d, fd=%qd$sa_addr inet_ntop() failed with errno %d: %s
                                                                                                                                                                                                                  • API String ID: 2864626216-4012644431
                                                                                                                                                                                                                  • Opcode ID: 5061ef193317f426787493c351151e4149df8b226b79e00b1e422e605255f040
                                                                                                                                                                                                                  • Instruction ID: 0923d7c6e978f58974fe569dc4d95954257529bf3df0c04f1db6a3bcf3069557
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5061ef193317f426787493c351151e4149df8b226b79e00b1e422e605255f040
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3ED1BC72A0C68286EB24DF25E4446BE7760FB88B94F404136DB4D87BA9DF7CE545CB04
                                                                                                                                                                                                                  Function 00007FFE004F6CB0 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 150libraryloadernetworkCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2899 7ffe004f6cb0-7ffe004f6ccc 2900 7ffe004f6d16-7ffe004f6d1d call 7ffe004c0700 2899->2900 2901 7ffe004f6cce-7ffe004f6ce0 WSAStartup 2899->2901 2910 7ffe004f6f15-7ffe004f6f2c call 7ffe00511550 2900->2910 2911 7ffe004f6d23-7ffe004f6d48 GetModuleHandleA 2900->2911 2902 7ffe004f6cf9-7ffe004f6d15 call 7ffe00511550 2901->2902 2903 7ffe004f6ce2-7ffe004f6ce9 2901->2903 2905 7ffe004f6ceb-7ffe004f6cf1 2903->2905 2906 7ffe004f6cf3 WSACleanup 2903->2906 2905->2900 2905->2906 2906->2902 2913 7ffe004f6d4a-7ffe004f6d51 2911->2913 2914 7ffe004f6d56-7ffe004f6d92 GetProcAddress call 7ffe00523530 2911->2914 2915 7ffe004f6ed2-7ffe004f6f0d call 7ffe00504430 QueryPerformanceFrequency 2913->2915 2920 7ffe004f6dba-7ffe004f6dbd 2914->2920 2921 7ffe004f6d94-7ffe004f6d9a 2914->2921 2915->2910 2925 7ffe004f6de9-7ffe004f6e00 GetSystemDirectoryA 2920->2925 2926 7ffe004f6dbf-7ffe004f6dd2 GetProcAddress 2920->2926 2923 7ffe004f6dac-7ffe004f6db5 LoadLibraryA 2921->2923 2924 7ffe004f6d9c-7ffe004f6da7 2921->2924 2927 7ffe004f6e9a-7ffe004f6eb4 2923->2927 2924->2927 2929 7ffe004f6e06-7ffe004f6e19 2925->2929 2930 7ffe004f6e92 2925->2930 2926->2925 2928 7ffe004f6dd4-7ffe004f6de4 LoadLibraryExA 2926->2928 2927->2915 2931 7ffe004f6eb6-7ffe004f6ec9 GetProcAddress 2927->2931 2928->2927 2935 7ffe004f6e1b-7ffe004f6e29 GetSystemDirectoryA 2929->2935 2936 7ffe004f6e89 2929->2936 2930->2927 2931->2915 2933 7ffe004f6ecb 2931->2933 2933->2915 2935->2936 2937 7ffe004f6e2b-7ffe004f6e32 2935->2937 2936->2930 2938 7ffe004f6e35-7ffe004f6e3e 2937->2938 2938->2938 2939 7ffe004f6e40 2938->2939 2940 7ffe004f6e46-7ffe004f6e4d 2939->2940 2940->2940 2941 7ffe004f6e4f-7ffe004f6e58 2940->2941 2942 7ffe004f6e60-7ffe004f6e6c 2941->2942 2942->2942 2943 7ffe004f6e6e-7ffe004f6e74 2942->2943 2944 7ffe004f6e76-7ffe004f6e7e 2943->2944 2945 7ffe004f6e80 LoadLibraryA 2943->2945 2946 7ffe004f6e86 2944->2946 2945->2946 2946->2936
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc$DirectorySystem$CleanupFrequencyHandleModulePerformanceQueryStartup
                                                                                                                                                                                                                  • String ID: AddDllDirectory$LoadLibraryExA$if_nametoindex$iphlpapi.dll$kernel32
                                                                                                                                                                                                                  • API String ID: 263636572-2794540096
                                                                                                                                                                                                                  • Opcode ID: 9466a7fb3ac7eb954e81554a8e21ff5aada84b032bb5841f6569938a18399e76
                                                                                                                                                                                                                  • Instruction ID: 8248e89bee36ab8e6febe19890c593beb4a4c28e073e4f582026c91c7a0c1301
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9466a7fb3ac7eb954e81554a8e21ff5aada84b032bb5841f6569938a18399e76
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9361A92AA0DA8686FB759B25E4143B92391EF88B91F494134CF4E137BDEF2CE406C704
                                                                                                                                                                                                                  Function 00007FFE00508E50 Relevance: 24.8, APIs: 2, Strings: 12, Instructions: 299libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3133 7ffe00508e50-7ffe00508ed0 call 7ffe0050c750 call 7ffe0050c730 call 7ffe00504430 3140 7ffe00508ee1-7ffe00508ee6 3133->3140 3141 7ffe00508ed2-7ffe00508edc call 7ffe004c0a10 3133->3141 3143 7ffe00508ee8-7ffe00508f08 GetModuleHandleA GetProcAddress 3140->3143 3144 7ffe00508f2c 3140->3144 3141->3140 3143->3144 3145 7ffe00508f0a-7ffe00508f26 call 7ffe00504430 3143->3145 3146 7ffe00508f2e-7ffe00508f36 3144->3146 3145->3144 3154 7ffe00508f28-7ffe00508f2a 3145->3154 3148 7ffe00508f43-7ffe00508f62 call 7ffe00504430 3146->3148 3149 7ffe00508f38-7ffe00508f3d 3146->3149 3156 7ffe005092e8-7ffe005092f7 call 7ffe004c0920 3148->3156 3157 7ffe00508f68 3148->3157 3149->3148 3152 7ffe00508f3f-7ffe00508f41 3149->3152 3155 7ffe00508f6a-7ffe00508f7a 3152->3155 3154->3146 3158 7ffe00508fb9-7ffe00508fbf call 7ffe00507c50 3155->3158 3159 7ffe00508f7c-7ffe00508f99 call 7ffe0050d2a0 call 7ffe0050cdd0 3155->3159 3167 7ffe005092fc-7ffe00509325 call 7ffe00511550 3156->3167 3157->3155 3165 7ffe00508fc4-7ffe00508fca 3158->3165 3173 7ffe00508fab-7ffe00508fb7 call 7ffe0050d2d0 3159->3173 3174 7ffe00508f9b-7ffe00508fa8 3159->3174 3166 7ffe00508fd0-7ffe00508fe1 call 7ffe0050d310 3165->3166 3165->3167 3176 7ffe00508fe3-7ffe00508ff7 call 7ffe004c0920 3166->3176 3177 7ffe00508ffc-7ffe00509013 call 7ffe00525490 3166->3177 3173->3158 3184 7ffe00509019-7ffe0050902c call 7ffe004db050 3173->3184 3174->3173 3176->3167 3177->3184 3185 7ffe0050918b-7ffe00509190 3177->3185 3188 7ffe0050902e-7ffe0050903f call 7ffe004db050 3184->3188 3189 7ffe00509041-7ffe0050904b call 7ffe004c0a10 3184->3189 3185->3167 3188->3189 3192 7ffe00509050-7ffe00509054 3188->3192 3189->3192 3194 7ffe00509109-7ffe00509126 3192->3194 3195 7ffe0050905a-7ffe00509074 call 7ffe0050b970 3192->3195 3196 7ffe0050912a-7ffe00509159 3194->3196 3201 7ffe0050908f-7ffe00509107 call 7ffe00535710 call 7ffe005046b0 call 7ffe0050ba30 call 7ffe004c0a10 3195->3201 3202 7ffe00509076-7ffe0050908a call 7ffe004c0920 3195->3202 3198 7ffe00509162-7ffe0050917a 3196->3198 3199 7ffe0050915b 3196->3199 3206 7ffe00509195-7ffe005091f6 3198->3206 3207 7ffe0050917c-7ffe00509186 call 7ffe004c0920 3198->3207 3199->3198 3201->3196 3202->3167 3214 7ffe0050926f-7ffe00509288 call 7ffe004b8240 3206->3214 3215 7ffe005091f8-7ffe00509223 call 7ffe004f53f0 3206->3215 3207->3185 3219 7ffe0050928d-7ffe005092aa 3214->3219 3228 7ffe00509225-7ffe0050922b 3215->3228 3229 7ffe00509259-7ffe0050926a call 7ffe004c0920 3215->3229 3226 7ffe005092cf-7ffe005092e6 call 7ffe004c0920 3219->3226 3227 7ffe005092ac-7ffe005092af 3219->3227 3226->3167 3227->3226 3230 7ffe005092b1-7ffe005092cd 3227->3230 3231 7ffe00509243-7ffe00509254 call 7ffe004c0920 3228->3231 3232 7ffe0050922d-7ffe0050923e call 7ffe004c0920 3228->3232 3229->3167 3230->3167 3231->3167 3232->3167
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: GetModuleHandleA.KERNEL32 ref: 00007FFE00504476
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: GetProcAddress.KERNEL32 ref: 00007FFE00504486
                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32 ref: 00007FFE00508EEF
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 00007FFE00508EFF
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: VerSetConditionMask.KERNEL32 ref: 00007FFE00504541
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: VerSetConditionMask.KERNEL32 ref: 00007FFE00504553
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: VerSetConditionMask.KERNEL32 ref: 00007FFE00504565
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: VerSetConditionMask.KERNEL32 ref: 00007FFE00504577
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: VerSetConditionMask.KERNEL32 ref: 00007FFE0050458C
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: RtlVerifyVersionInfo.NTDLL ref: 00007FFE005045AF
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: VerSetConditionMask.KERNEL32 ref: 00007FFE00504607
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: RtlVerifyVersionInfo.NTDLL ref: 00007FFE00504626
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConditionMask$AddressHandleInfoModuleProcVerifyVersion
                                                                                                                                                                                                                  • String ID: ALPN: curl offers %s$Error setting ALPN$Failed to set SNI$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
                                                                                                                                                                                                                  • API String ID: 60985879-4031750348
                                                                                                                                                                                                                  • Opcode ID: a90607f52466dce2e6b1b942d6e25e62293b46dd0333b9f8d597e1758ac71b61
                                                                                                                                                                                                                  • Instruction ID: c2bb307c3e7b50446dd48c8a72461aeb3f2a31853681259081a65e746cd16a88
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a90607f52466dce2e6b1b942d6e25e62293b46dd0333b9f8d597e1758ac71b61
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBD14676A086429AFB609BA5E4547AD37A0FB45B88F404035DB8C07BAEDF3CE655C740
                                                                                                                                                                                                                  Function 00007FFE004F25E0 Relevance: 24.2, APIs: 16, Instructions: 174networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: socket$acceptbindconnectgetsocknamehtonllistensendsetsockopt
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3053784475-0
                                                                                                                                                                                                                  • Opcode ID: 2baa52e770f05fc4cf02cd2738288597848b1526e8b7308119a8b4fc6f9b3461
                                                                                                                                                                                                                  • Instruction ID: 05c910b8a565669221d1ec1f32283bd634b3e70b9d6a33bcc3f02ec142ae0fad
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2baa52e770f05fc4cf02cd2738288597848b1526e8b7308119a8b4fc6f9b3461
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B819932B08A858AF720EB64D5146BD3361EB487A9F404735CF2E56BF8EF78A549C344
                                                                                                                                                                                                                  Function 00007FFE004E49F0 Relevance: 20.0, APIs: 13, Instructions: 480networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3303 7ffe004e49f0-7ffe004e4a61 3304 7ffe004e4a67-7ffe004e4a6d 3303->3304 3305 7ffe004e51c8 3303->3305 3304->3305 3306 7ffe004e4a73-7ffe004e4a7a 3304->3306 3307 7ffe004e4a7c-7ffe004e4a81 3306->3307 3308 7ffe004e4a86-7ffe004e4a89 3306->3308 3309 7ffe004e4b57-7ffe004e4b75 call 7ffe00511550 3307->3309 3310 7ffe004e4a8b-7ffe004e4a90 3308->3310 3311 7ffe004e4a95-7ffe004e4aa4 3308->3311 3310->3309 3312 7ffe004e4aa6 3311->3312 3313 7ffe004e4aff-7ffe004e4b12 call 7ffe004e4900 3311->3313 3315 7ffe004e4ab0-7ffe004e4acb call 7ffe004e3370 3312->3315 3320 7ffe004e4b14-7ffe004e4b1b 3313->3320 3321 7ffe004e4b20-7ffe004e4b34 3313->3321 3325 7ffe004e4ad0-7ffe004e4adc 3315->3325 3320->3321 3323 7ffe004e4b7b-7ffe004e4b89 3321->3323 3324 7ffe004e4b36-7ffe004e4b48 3321->3324 3328 7ffe004e4cc9-7ffe004e4cce 3323->3328 3329 7ffe004e4b8f-7ffe004e4b9b 3323->3329 3335 7ffe004e4b4a-7ffe004e4b4f 3324->3335 3336 7ffe004e4b76 3324->3336 3326 7ffe004e4af6-7ffe004e4afd 3325->3326 3327 7ffe004e4ade-7ffe004e4ae2 3325->3327 3326->3313 3326->3315 3327->3326 3331 7ffe004e4ae4-7ffe004e4af4 3327->3331 3333 7ffe004e4e0c 3328->3333 3334 7ffe004e4cd4-7ffe004e4cdd 3328->3334 3329->3328 3332 7ffe004e4ba1-7ffe004e4bba call 7ffe004e3370 3329->3332 3331->3325 3331->3326 3345 7ffe004e4bc0-7ffe004e4bd6 3332->3345 3337 7ffe004e4e10-7ffe004e4e12 3333->3337 3339 7ffe004e4ce0-7ffe004e4cfd 3334->3339 3335->3309 3336->3323 3342 7ffe004e4e2d-7ffe004e4e3a call 7ffe004eae00 3337->3342 3343 7ffe004e4e14-7ffe004e4e1d 3337->3343 3340 7ffe004e4cff-7ffe004e4d33 getsockopt 3339->3340 3341 7ffe004e4d51-7ffe004e4d67 WSAEventSelect 3339->3341 3346 7ffe004e4d4d 3340->3346 3347 7ffe004e4d35-7ffe004e4d3a 3340->3347 3348 7ffe004e4d6d-7ffe004e4d90 3341->3348 3349 7ffe004e4df2-7ffe004e4df7 3341->3349 3363 7ffe004e4e3f-7ffe004e4e44 3342->3363 3350 7ffe004e5149-7ffe004e514e 3343->3350 3351 7ffe004e4e23-7ffe004e4e2b 3343->3351 3353 7ffe004e4bdc-7ffe004e4be3 3345->3353 3354 7ffe004e4ca9-7ffe004e4cba 3345->3354 3346->3341 3347->3346 3355 7ffe004e4d3c-7ffe004e4d47 send 3347->3355 3360 7ffe004e4d92-7ffe004e4d9d 3348->3360 3361 7ffe004e4da0-7ffe004e4da3 3348->3361 3356 7ffe004e4df9 3349->3356 3357 7ffe004e4e02 3349->3357 3358 7ffe004e515b-7ffe004e5163 3350->3358 3359 7ffe004e5150 3350->3359 3362 7ffe004e4e5b-7ffe004e4e73 WSAWaitForMultipleEvents 3351->3362 3353->3354 3364 7ffe004e4be9-7ffe004e4c0b 3353->3364 3354->3332 3370 7ffe004e4cc0-7ffe004e4cc5 3354->3370 3355->3346 3356->3357 3357->3333 3366 7ffe004e516b-7ffe004e5172 3358->3366 3367 7ffe004e5165-7ffe004e5169 3358->3367 3359->3358 3360->3361 3368 7ffe004e4da5-7ffe004e4dad 3361->3368 3369 7ffe004e4db1-7ffe004e4db4 3361->3369 3365 7ffe004e4e79-7ffe004e4e81 3362->3365 3371 7ffe004e4e46 3363->3371 3372 7ffe004e4e50 3363->3372 3375 7ffe004e4c0d-7ffe004e4c13 3364->3375 3376 7ffe004e4c19-7ffe004e4c1d 3364->3376 3377 7ffe004e4e87 3365->3377 3378 7ffe004e4f8e-7ffe004e4f91 3365->3378 3379 7ffe004e5174-7ffe004e5176 3366->3379 3380 7ffe004e51c1-7ffe004e51c3 3366->3380 3367->3366 3368->3369 3381 7ffe004e4db6-7ffe004e4dba 3369->3381 3382 7ffe004e4dbe-7ffe004e4dce 3369->3382 3370->3328 3371->3372 3373 7ffe004e4e58 3372->3373 3374 7ffe004e4e52-7ffe004e4e56 3372->3374 3373->3362 3374->3365 3375->3376 3383 7ffe004e4c77-7ffe004e4c8c WSAEventSelect 3376->3383 3384 7ffe004e4c1f-7ffe004e4c53 getsockopt 3376->3384 3385 7ffe004e4e90-7ffe004e4ec0 WSAEnumNetworkEvents 3377->3385 3388 7ffe004e4f97-7ffe004e4fa3 3378->3388 3389 7ffe004e5131-7ffe004e5142 WSAResetEvent 3378->3389 3379->3380 3386 7ffe004e5178-7ffe004e517a 3379->3386 3381->3382 3382->3339 3387 7ffe004e4dd4 3382->3387 3396 7ffe004e4dd6-7ffe004e4ddb 3383->3396 3397 7ffe004e4c92-7ffe004e4ca3 3383->3397 3392 7ffe004e4c6d-7ffe004e4c72 3384->3392 3393 7ffe004e4c55-7ffe004e4c5a 3384->3393 3394 7ffe004e4f1c-7ffe004e4f32 WSAEventSelect 3385->3394 3395 7ffe004e4ec2-7ffe004e4ef7 3385->3395 3386->3380 3398 7ffe004e517c-7ffe004e5187 3386->3398 3387->3337 3390 7ffe004e512c 3388->3390 3391 7ffe004e4fa9-7ffe004e4fb5 3388->3391 3389->3350 3390->3389 3399 7ffe004e4fc0-7ffe004e4fc7 3391->3399 3392->3383 3393->3392 3400 7ffe004e4c5c-7ffe004e4c67 send 3393->3400 3403 7ffe004e4f65-7ffe004e4f88 3394->3403 3404 7ffe004e4f34-7ffe004e4f61 3394->3404 3395->3394 3401 7ffe004e4ef9-7ffe004e4efc 3395->3401 3396->3357 3405 7ffe004e4ddd-7ffe004e4de8 3396->3405 3397->3345 3397->3354 3398->3380 3402 7ffe004e5189-7ffe004e5190 3398->3402 3406 7ffe004e508d-7ffe004e509c 3399->3406 3407 7ffe004e4fcd-7ffe004e4fd7 3399->3407 3400->3392 3401->3394 3408 7ffe004e4efe-7ffe004e4f01 3401->3408 3402->3380 3409 7ffe004e5192-7ffe004e51a1 call 7ffe004e4900 3402->3409 3403->3378 3403->3385 3404->3403 3405->3349 3415 7ffe004e50a1-7ffe004e50ac 3406->3415 3407->3406 3411 7ffe004e4fdd-7ffe004e4fe7 3407->3411 3408->3394 3413 7ffe004e4f03-7ffe004e4f1a WSAEventSelect 3408->3413 3409->3380 3419 7ffe004e51a3-7ffe004e51a9 3409->3419 3411->3406 3413->3403 3417 7ffe004e5104-7ffe004e5121 3415->3417 3418 7ffe004e50ae-7ffe004e50c5 WSAEnumNetworkEvents 3415->3418 3417->3399 3423 7ffe004e5127-7ffe004e512a 3417->3423 3421 7ffe004e50c7-7ffe004e50cd 3418->3421 3422 7ffe004e50de-7ffe004e5102 WSAEventSelect 3418->3422 3419->3380 3420 7ffe004e51ab-7ffe004e51b1 3419->3420 3424 7ffe004e51b7 3420->3424 3425 7ffe004e51b3-7ffe004e51b5 3420->3425 3421->3422 3426 7ffe004e50cf-7ffe004e50d2 3421->3426 3422->3415 3422->3417 3423->3389 3427 7ffe004e51b9-7ffe004e51bc call 7ffe004eb340 3424->3427 3425->3424 3425->3427 3426->3422 3428 7ffe004e50d4-7ffe004e50d9 3426->3428 3427->3380 3428->3422 3430 7ffe004e50db 3428->3430 3430->3422
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EventSelect$Eventsgetsockoptsend$EnumMultipleNetworkWait
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 435280239-0
                                                                                                                                                                                                                  • Opcode ID: 1a4880c4cca101a9700aa0a5b0d19d315f0c86c5adb4d389179fd712b64bc8d6
                                                                                                                                                                                                                  • Instruction ID: 7339193f0052c6820bcf516d3593dd424ee68337240a2ebb187b0dbe4379bf97
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a4880c4cca101a9700aa0a5b0d19d315f0c86c5adb4d389179fd712b64bc8d6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3012B232A19A9286FB648B25E45077A77A1FB84B94F145035EF8E43BACDF3CE440CB04
                                                                                                                                                                                                                  Function 00007FF73E54ED78 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                                                  • Opcode ID: 5b8c4005cbbfb49e19bca4c348869945ad9365ae46dd08d8548f42b0760ee285
                                                                                                                                                                                                                  • Instruction ID: b3e37e808e6da51e876b8700463b19e2b84408fb12ebb4967adce95d2a074c86
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b8c4005cbbfb49e19bca4c348869945ad9365ae46dd08d8548f42b0760ee285
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDC1F533B28A5295EB10EFA8C8A02BC77A1F749B98B911235DE1E5B3D4CF38D059D710
                                                                                                                                                                                                                  Function 00007FF73E4CE720 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FindMessageWindow$ExecuteSendShell
                                                                                                                                                                                                                  • String ID: open
                                                                                                                                                                                                                  • API String ID: 2157474123-2758837156
                                                                                                                                                                                                                  • Opcode ID: 4894af690422fea00e60ed7b333b7628aefdfa914ecccaaf0ce41219d188c9b1
                                                                                                                                                                                                                  • Instruction ID: 41124679dd2086966371edfaa3520d0b77432f0a298da953659dc576f1ad875e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4894af690422fea00e60ed7b333b7628aefdfa914ecccaaf0ce41219d188c9b1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6731C1B1A05B42A1EB24EB11E814679FBA1FB49BC4F854836EE4D43B94CF3CD188D750
                                                                                                                                                                                                                  Function 00007FF73E4CF570 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 221COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen$lstrcpy
                                                                                                                                                                                                                  • String ID: GUP_NativeLangue$MSGID_UPDATEAVAILABLE$MSGID_VERSIONCURRENT$nativeLang.xml
                                                                                                                                                                                                                  • API String ID: 805584807-4254139748
                                                                                                                                                                                                                  • Opcode ID: 4e5321de2c46561aeee26d00ad0cd7e7de89a4fc81be787da8350b64fd63c9e8
                                                                                                                                                                                                                  • Instruction ID: 08d6f37fddcc66f2f17073269f6cf964c6c7311a45438f21e1a20f820cd12ef9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e5321de2c46561aeee26d00ad0cd7e7de89a4fc81be787da8350b64fd63c9e8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73B1852261CBC6A0EA709B10E8503EBE761FBC9744F815132EACD47A99DF7DD588DB10
                                                                                                                                                                                                                  Function 00007FFE004E9AD0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CryptRandom
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2662593985-0
                                                                                                                                                                                                                  • Opcode ID: 1642f3ff59f571fe3d17c1ff5750268d6634c5a1dc77d2f5cbc82c41ad58bac7
                                                                                                                                                                                                                  • Instruction ID: 67137f3435ec57f6d07f62953c1c8a314a76964b9ba74366de4dd21fe4ee7615
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1642f3ff59f571fe3d17c1ff5750268d6634c5a1dc77d2f5cbc82c41ad58bac7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B210722F086C28AF7258B15F40126AA7A5FB81790F148131DB4897FADCBBCED41C700
                                                                                                                                                                                                                  Function 00007FFE004E9CA0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CryptRandom
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2662593985-0
                                                                                                                                                                                                                  • Opcode ID: 48c625ce8e43ef435cc58a46487c3147b0a2e9328c2f6a629ad0bd5c71e72486
                                                                                                                                                                                                                  • Instruction ID: f393e7604d36977a45f1eb5ae4d44112a433fccdfe59fffde49778aead81e69c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48c625ce8e43ef435cc58a46487c3147b0a2e9328c2f6a629ad0bd5c71e72486
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FD02B92B2854100DB3859B3F5474AB8053AB58FC0F48D034AF198B79ADC2CC1800740
                                                                                                                                                                                                                  Function 00007FF73E4CE940 Relevance: 72.1, APIs: 7, Strings: 34, Instructions: 320windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1380 7ff73e4ce940-7ff73e4ce985 call 7ff73e539c0c 1383 7ff73e4ce9bd-7ff73e4ce9cc call 7ff73e539c0c 1380->1383 1384 7ff73e4ce987-7ff73e4ce99c 1380->1384 1390 7ff73e4cea00-7ff73e4cea27 call 7ff73e539c0c 1383->1390 1391 7ff73e4ce9ce-7ff73e4ce9dc 1383->1391 1385 7ff73e4ce9a0-7ff73e4ce9a8 1384->1385 1385->1385 1387 7ff73e4ce9aa-7ff73e4ce9b8 call 7ff73e4d5550 1385->1387 1396 7ff73e4cee02-7ff73e4cee27 call 7ff73e4ff880 1387->1396 1398 7ff73e4cea6f-7ff73e4cea87 call 7ff73e4ce850 1390->1398 1399 7ff73e4cea29 1390->1399 1394 7ff73e4ce9e3-7ff73e4ce9eb 1391->1394 1394->1394 1397 7ff73e4ce9ed-7ff73e4ce9fb call 7ff73e4d5550 1394->1397 1397->1396 1410 7ff73e4ceaf9-7ff73e4ceb01 1398->1410 1411 7ff73e4cea89-7ff73e4cea91 1398->1411 1402 7ff73e4cea30-7ff73e4cea38 1399->1402 1402->1402 1406 7ff73e4cea3a-7ff73e4cea42 1402->1406 1408 7ff73e4cea44-7ff73e4cea5d call 7ff73e553620 1406->1408 1409 7ff73e4cea62-7ff73e4cea6a call 7ff73e4d5c00 1406->1409 1413 7ff73e4ceb39-7ff73e4ceb5f call 7ff73e4d4fe0 PathFileExistsW 1408->1413 1409->1413 1412 7ff73e4ceb03-7ff73e4ceb19 1410->1412 1410->1413 1416 7ff73e4cea93-7ff73e4ceaa9 1411->1416 1417 7ff73e4ceac9-7ff73e4ceaf5 1411->1417 1421 7ff73e4ceb34 call 7ff73e4ff8a0 1412->1421 1422 7ff73e4ceb1b-7ff73e4ceb2e 1412->1422 1429 7ff73e4ceb75-7ff73e4ceb8d call 7ff73e4ce850 1413->1429 1430 7ff73e4ceb61-7ff73e4ceb70 1413->1430 1418 7ff73e4ceac4 call 7ff73e4ff8a0 1416->1418 1419 7ff73e4ceaab-7ff73e4ceabe 1416->1419 1417->1410 1418->1417 1419->1418 1425 7ff73e4cee2e-7ff73e4cee33 call 7ff73e5386d8 1419->1425 1421->1413 1422->1421 1422->1425 1434 7ff73e4cee34-7ff73e4cee39 call 7ff73e5386d8 1425->1434 1436 7ff73e4cebff-7ff73e4cec07 1429->1436 1437 7ff73e4ceb8f-7ff73e4ceb97 1429->1437 1430->1396 1446 7ff73e4cee3a-7ff73e4cee3f call 7ff73e5386d8 1434->1446 1442 7ff73e4cec3f-7ff73e4cec44 1436->1442 1443 7ff73e4cec09-7ff73e4cec1f 1436->1443 1439 7ff73e4cebcf-7ff73e4cebfb 1437->1439 1440 7ff73e4ceb99-7ff73e4cebaf 1437->1440 1439->1436 1444 7ff73e4cebb1-7ff73e4cebc4 1440->1444 1445 7ff73e4cebca call 7ff73e4ff8a0 1440->1445 1442->1430 1449 7ff73e4cec4a-7ff73e4ceca7 call 7ff73e4ff8a8 call 7ff73e4d9fc0 1442->1449 1447 7ff73e4cec21-7ff73e4cec34 1443->1447 1448 7ff73e4cec3a call 7ff73e4ff8a0 1443->1448 1444->1434 1444->1445 1445->1439 1456 7ff73e4cee40-7ff73e4cee45 call 7ff73e5386d8 1446->1456 1447->1434 1447->1448 1448->1442 1460 7ff73e4ceca9-7ff73e4cecba 1449->1460 1461 7ff73e4cecda-7ff73e4cecdf 1449->1461 1463 7ff73e4cecd5 call 7ff73e4ff8a0 1460->1463 1464 7ff73e4cecbc-7ff73e4ceccf 1460->1464 1465 7ff73e4ced34-7ff73e4ced40 1461->1465 1466 7ff73e4cece1-7ff73e4cece9 1461->1466 1463->1461 1464->1446 1464->1463 1470 7ff73e4ced45-7ff73e4ced7d MessageBoxW 1465->1470 1471 7ff73e4ced42 1465->1471 1468 7ff73e4ced1f-7ff73e4ced2f call 7ff73e4d5c00 1466->1468 1469 7ff73e4ceceb-7ff73e4ced1d call 7ff73e553620 1466->1469 1468->1465 1469->1465 1474 7ff73e4cedb5-7ff73e4cedce 1470->1474 1475 7ff73e4ced7f-7ff73e4ced95 1470->1475 1471->1470 1474->1396 1478 7ff73e4cedd0-7ff73e4cede6 1474->1478 1476 7ff73e4cedb0 call 7ff73e4ff8a0 1475->1476 1477 7ff73e4ced97-7ff73e4cedaa 1475->1477 1476->1474 1477->1456 1477->1476 1481 7ff73e4cedfd call 7ff73e4ff8a0 1478->1481 1482 7ff73e4cede8-7ff73e4cedfb 1478->1482 1481->1396 1482->1481 1484 7ff73e4cee28-7ff73e4cee2d call 7ff73e5386d8 1482->1484 1484->1425
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ExistsFileMessagePath
                                                                                                                                                                                                                  • String ID: $ is opened.Updater will close it in order to process the installation.Continue?$--help$-clean$-options$-unzipTo$-verbose$.$.0.0.0$.backup4RestoreInCaseOfFailed$.exe$.zip$@$An update package is available, do you want to download it?$AppData$Available version is :$Can't find any folder for downloading.Please check your environment variables"%TMP%", "%TEMP%" and "%APPDATA%"$Can't unzip:Operation not permitted or decompression failed$Current version is :$Download is stopped by user. Update is aborted.$FOLDER$GUP Command Argument Help$MSGID_CLOSEAPP$MSGID_DOWNLOADSTOPPED$MSGID_UNZIPFAILED$MSGID_VERSIONCURRENT$MSGID_VERSIONNEW$T$TEMP$TMP$Usage :gup --helpgup -optionsgup [-verbose] [-vVERSION_VALUE] [-pCUSTOM_PARAM]gup -clean FOLDER_TO_ACTIONgup -unzipTo [-clea$\Notepad++$explorer.exe$open
                                                                                                                                                                                                                  • API String ID: 3189632864-338911076
                                                                                                                                                                                                                  • Opcode ID: 1b47c4103da1219b2c2abac5a94df332ce98e278b8a29dd3e33cdd6d93e86d63
                                                                                                                                                                                                                  • Instruction ID: b12e2033954e50da815f31401f52e54776b8dd372524d7b03e28b58119fe42af
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b47c4103da1219b2c2abac5a94df332ce98e278b8a29dd3e33cdd6d93e86d63
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68E19362F14742A6EB00EF64D4443BC63A2EF48798F815731EA6D13AD9DF78E1989360
                                                                                                                                                                                                                  Function 00007FF73E4CE080 Relevance: 44.1, APIs: 21, Strings: 4, Instructions: 394windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2504 7ff73e4ce080-7ff73e4ce0e0 call 7ff73e553260 curl_easy_init 2507 7ff73e4ce0e6-7ff73e4ce102 2504->2507 2508 7ff73e4ce6a7-7ff73e4ce6af 2504->2508 2511 7ff73e4ce6f8-7ff73e4ce6fd call 7ff73e4c27a0 2507->2511 2512 7ff73e4ce108-7ff73e4ce10d 2507->2512 2509 7ff73e4ce6b1-7ff73e4ce6c1 MessageBoxA 2508->2509 2510 7ff73e4ce6c7 2508->2510 2509->2510 2514 7ff73e4ce6c9-7ff73e4ce6eb call 7ff73e4ff880 2510->2514 2520 7ff73e4ce6fe-7ff73e4ce703 call 7ff73e5386d8 2511->2520 2515 7ff73e4ce10f 2512->2515 2516 7ff73e4ce112-7ff73e4ce13e call 7ff73e4d60d0 2512->2516 2515->2516 2523 7ff73e4ce140 2516->2523 2524 7ff73e4ce147-7ff73e4ce155 call 7ff73e4d5070 2516->2524 2529 7ff73e4ce704-7ff73e4ce709 call 7ff73e5386d8 2520->2529 2523->2524 2530 7ff73e4ce15b-7ff73e4ce1bb call 7ff73e4d5550 call 7ff73e4d5070 call 7ff73e4d5130 2524->2530 2531 7ff73e4ce1fc-7ff73e4ce204 2524->2531 2539 7ff73e4ce70a-7ff73e4ce70f call 7ff73e5386d8 2529->2539 2535 7ff73e4ce2a7-7ff73e4ce307 call 7ff73e4da6e0 call 7ff73e4daa60 call 7ff73e4da5f0 curl_easy_setopt 2530->2535 2559 7ff73e4ce1c1-7ff73e4ce1d8 2530->2559 2531->2535 2536 7ff73e4ce20a-7ff73e4ce26e call 7ff73e4d5550 call 7ff73e4d5070 call 7ff73e4d5130 2531->2536 2561 7ff73e4ce33b-7ff73e4ce3a1 curl_easy_setopt * 3 call 7ff73e4d46a0 call 7ff73e4d4fe0 2535->2561 2562 7ff73e4ce309-7ff73e4ce31b 2535->2562 2536->2535 2563 7ff73e4ce270-7ff73e4ce287 2536->2563 2551 7ff73e4ce710-7ff73e4ce715 call 7ff73e5386d8 2539->2551 2566 7ff73e4ce716-7ff73e4ce71b call 7ff73e5386d8 2551->2566 2564 7ff73e4ce2a2 call 7ff73e4ff8a0 2559->2564 2565 7ff73e4ce1de-7ff73e4ce1f1 2559->2565 2582 7ff73e4ce44c-7ff73e4ce4b4 call 7ff73e4da6e0 call 7ff73e4daa60 call 7ff73e4da5f0 curl_easy_setopt 2561->2582 2583 7ff73e4ce3a7-7ff73e4ce413 call 7ff73e4d4fe0 call 7ff73e4d5070 call 7ff73e4d4fe0 call 7ff73e4d5070 call 7ff73e4d4fe0 2561->2583 2568 7ff73e4ce336 call 7ff73e4ff8a0 2562->2568 2569 7ff73e4ce31d-7ff73e4ce330 2562->2569 2563->2564 2571 7ff73e4ce289-7ff73e4ce29c 2563->2571 2564->2535 2573 7ff73e4ce6f2-7ff73e4ce6f7 call 7ff73e5386d8 2565->2573 2574 7ff73e4ce1f7 2565->2574 2568->2561 2569->2529 2569->2568 2571->2520 2571->2564 2573->2511 2574->2564 2596 7ff73e4ce4b6-7ff73e4ce4c8 2582->2596 2597 7ff73e4ce4e8-7ff73e4ce502 curl_easy_setopt 2582->2597 2611 7ff73e4ce415-7ff73e4ce43f call 7ff73e553620 2583->2611 2612 7ff73e4ce441-7ff73e4ce447 call 7ff73e4d5c00 2583->2612 2599 7ff73e4ce4e3 call 7ff73e4ff8a0 2596->2599 2600 7ff73e4ce4ca-7ff73e4ce4dd 2596->2600 2602 7ff73e4ce504-7ff73e4ce50c 2597->2602 2603 7ff73e4ce512 2597->2603 2599->2597 2600->2539 2600->2599 2602->2603 2606 7ff73e4ce50e-7ff73e4ce510 2602->2606 2607 7ff73e4ce514-7ff73e4ce516 2603->2607 2606->2607 2609 7ff73e4ce5e6-7ff73e4ce617 curl_easy_setopt curl_easy_perform curl_easy_cleanup 2607->2609 2610 7ff73e4ce51c-7ff73e4ce535 call 7ff73e4da6e0 2607->2610 2613 7ff73e4ce650-7ff73e4ce66b 2609->2613 2614 7ff73e4ce619-7ff73e4ce630 2609->2614 2626 7ff73e4ce53e-7ff73e4ce589 call 7ff73e4daa60 call 7ff73e4da5f0 curl_easy_setopt 2610->2626 2627 7ff73e4ce537 2610->2627 2611->2582 2612->2582 2621 7ff73e4ce69f-7ff73e4ce6a1 2613->2621 2622 7ff73e4ce66d-7ff73e4ce683 2613->2622 2618 7ff73e4ce632-7ff73e4ce645 2614->2618 2619 7ff73e4ce64b call 7ff73e4ff8a0 2614->2619 2618->2566 2618->2619 2619->2613 2621->2508 2623 7ff73e4ce6a3-7ff73e4ce6a5 2621->2623 2628 7ff73e4ce685-7ff73e4ce698 2622->2628 2629 7ff73e4ce69a call 7ff73e4ff8a0 2622->2629 2623->2514 2638 7ff73e4ce58b-7ff73e4ce59d 2626->2638 2639 7ff73e4ce5bd-7ff73e4ce5e0 curl_easy_setopt * 2 2626->2639 2627->2626 2628->2629 2630 7ff73e4ce6ec-7ff73e4ce6f1 call 7ff73e5386d8 2628->2630 2629->2621 2630->2573 2640 7ff73e4ce59f-7ff73e4ce5b2 2638->2640 2641 7ff73e4ce5b8 call 7ff73e4ff8a0 2638->2641 2639->2609 2640->2551 2640->2641 2641->2639
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: curl_easy_setopt$_invalid_parameter_noinfo_noreturn$Messagecurl_easy_cleanupcurl_easy_initcurl_easy_perform
                                                                                                                                                                                                                  • String ID: &param=$5.28$?version=$curl error
                                                                                                                                                                                                                  • API String ID: 2664052361-4276137463
                                                                                                                                                                                                                  • Opcode ID: 739b1c2f61d54fa8ee57cde9739a17e79c0790a68b5329c716b54f4c418f4a9f
                                                                                                                                                                                                                  • Instruction ID: 7dcfd01623c1a1f02c1eaec4573f700c5c2571d2dcbc75327af38c415e915aec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 739b1c2f61d54fa8ee57cde9739a17e79c0790a68b5329c716b54f4c418f4a9f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA02A462B18747B1EA00EB55D8543BDA321EB89794FC11232FA5D03AE9DF3CE589E710
                                                                                                                                                                                                                  Function 00007FFE004D1A70 Relevance: 28.4, APIs: 1, Strings: 15, Instructions: 425COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2948 7ffe004d1a70-7ffe004d1aa9 2949 7ffe004d1e4e-7ffe004d1e55 2948->2949 2950 7ffe004d1aaf-7ffe004d1ab3 2948->2950 2951 7ffe004d1e5c-7ffe004d1e6a 2949->2951 2952 7ffe004d1e57-7ffe004d1e5a 2949->2952 2953 7ffe004d1c69-7ffe004d1c70 2950->2953 2954 7ffe004d1ab9-7ffe004d1abd 2950->2954 2955 7ffe004d1e6c-7ffe004d1e73 2951->2955 2956 7ffe004d1eaf-7ffe004d1ec7 call 7ffe004fabb0 2951->2956 2952->2955 2957 7ffe004d1c72-7ffe004d1c89 call 7ffe004c2900 2953->2957 2958 7ffe004d1cd0-7ffe004d1cde 2953->2958 2954->2953 2959 7ffe004d1ac3-7ffe004d1ac7 2954->2959 2955->2956 2960 7ffe004d1e75-7ffe004d1e7c 2955->2960 2986 7ffe004d1ec9-7ffe004d1ede call 7ffe004c2900 2956->2986 2987 7ffe004d1ee4-7ffe004d1efc call 7ffe004fabb0 2956->2987 2980 7ffe004d218b-7ffe004d21ab call 7ffe00511550 2957->2980 2981 7ffe004d1c8f-7ffe004d1cb9 call 7ffe004d0cf0 2957->2981 2965 7ffe004d1d1a-7ffe004d1d28 2958->2965 2966 7ffe004d1ce0-7ffe004d1ce7 2958->2966 2962 7ffe004d1ac9-7ffe004d1ade call 7ffe004c2900 2959->2962 2963 7ffe004d1b2e-7ffe004d1b35 2959->2963 2969 7ffe004d1e95-7ffe004d1ea9 call 7ffe004c28d0 2960->2969 2970 7ffe004d1e7e-7ffe004d1e93 call 7ffe004fabb0 2960->2970 2962->2980 2996 7ffe004d1ae4-7ffe004d1b02 call 7ffe004d0cf0 2962->2996 2967 7ffe004d1b3c-7ffe004d1b4a 2963->2967 2968 7ffe004d1b37-7ffe004d1b3a 2963->2968 2972 7ffe004d1d2a 2965->2972 2973 7ffe004d1d53-7ffe004d1d6b call 7ffe004fabb0 2965->2973 2966->2965 2975 7ffe004d1ce9-7ffe004d1cfe call 7ffe004fabb0 2966->2975 2977 7ffe004d1b4c-7ffe004d1b53 2967->2977 2978 7ffe004d1b8f-7ffe004d1ba7 call 7ffe004fabb0 2967->2978 2968->2977 2969->2956 2969->2980 2970->2956 2970->2969 2982 7ffe004d1d30-7ffe004d1d44 call 7ffe004c28d0 2972->2982 3010 7ffe004d1d9a-7ffe004d1da1 2973->3010 3011 7ffe004d1d6d-7ffe004d1d98 call 7ffe004d1080 2973->3011 2975->2965 3001 7ffe004d1d00-7ffe004d1d14 call 7ffe004c28d0 2975->3001 2977->2978 2990 7ffe004d1b55-7ffe004d1b5c 2977->2990 3024 7ffe004d1bd6-7ffe004d1bdf 2978->3024 3025 7ffe004d1ba9-7ffe004d1bd4 call 7ffe004d1080 2978->3025 3020 7ffe004d1cbf-7ffe004d1ccb call 7ffe004c0920 2981->3020 3021 7ffe004d1b21-7ffe004d1b29 2981->3021 2982->2980 3022 7ffe004d1d4a-7ffe004d1d51 2982->3022 2986->2980 2986->2987 3016 7ffe004d1f2b-7ffe004d1f32 2987->3016 3017 7ffe004d1efe-7ffe004d1f29 call 7ffe004d1080 2987->3017 3003 7ffe004d1b75-7ffe004d1b89 call 7ffe004c28d0 2990->3003 3004 7ffe004d1b5e-7ffe004d1b73 call 7ffe004fabb0 2990->3004 3023 7ffe004d1b07-7ffe004d1b0e 2996->3023 3001->2965 3001->2980 3003->2978 3003->2980 3004->2978 3004->3003 3014 7ffe004d1dac-7ffe004d1dbc call 7ffe004d4c00 3010->3014 3015 7ffe004d1da3-7ffe004d1daa 3010->3015 3033 7ffe004d1dc2-7ffe004d1dd9 call 7ffe004c2900 3011->3033 3014->2980 3014->3033 3015->3033 3036 7ffe004d1f3d-7ffe004d1f4d call 7ffe004d4c00 3016->3036 3037 7ffe004d1f34-7ffe004d1f3b 3016->3037 3050 7ffe004d1f53-7ffe004d1f5d 3017->3050 3056 7ffe004d2189 3020->3056 3031 7ffe004d2178-7ffe004d2184 call 7ffe004fbe60 3021->3031 3022->2973 3022->2982 3023->3021 3030 7ffe004d1b10-7ffe004d1b1c call 7ffe004c0920 3023->3030 3027 7ffe004d1be6-7ffe004d1bf6 call 7ffe004d4c00 3024->3027 3028 7ffe004d1be1-7ffe004d1be4 3024->3028 3043 7ffe004d1bfc-7ffe004d1c13 call 7ffe004c2900 3025->3043 3027->2980 3027->3043 3028->3027 3028->3043 3030->3056 3031->3056 3033->2980 3063 7ffe004d1ddf-7ffe004d1e34 call 7ffe004e8c50 call 7ffe004d0cf0 3033->3063 3036->2980 3036->3050 3037->3050 3043->2980 3067 7ffe004d1c19-7ffe004d1c4b call 7ffe004e8c50 call 7ffe004d0cf0 3043->3067 3059 7ffe004d20bc-7ffe004d20d3 call 7ffe004c2900 3050->3059 3060 7ffe004d1f63-7ffe004d1f6a 3050->3060 3056->2980 3059->2980 3071 7ffe004d20d9-7ffe004d20e0 3059->3071 3064 7ffe004d206f-7ffe004d20a4 call 7ffe004e8c50 3060->3064 3065 7ffe004d1f70-7ffe004d1f77 3060->3065 3094 7ffe004d1e3a-7ffe004d1e49 call 7ffe004c0920 3063->3094 3095 7ffe004d1c61-7ffe004d1c64 3063->3095 3081 7ffe004d20ab-7ffe004d20b5 call 7ffe004c2900 3064->3081 3065->3064 3070 7ffe004d1f7d-7ffe004d1f94 call 7ffe004c2900 3065->3070 3067->3095 3102 7ffe004d1c4d-7ffe004d1c5c call 7ffe004c0920 3067->3102 3070->2980 3082 7ffe004d1f9a-7ffe004d1fa1 3070->3082 3077 7ffe004d20f8-7ffe004d20ff 3071->3077 3078 7ffe004d20e2-7ffe004d20e9 3071->3078 3084 7ffe004d212a-7ffe004d2151 call 7ffe004d0cf0 3077->3084 3085 7ffe004d2101-7ffe004d2121 call 7ffe004e8c50 3077->3085 3078->3077 3083 7ffe004d20eb-7ffe004d20f6 3078->3083 3081->3084 3097 7ffe004d20b7 3081->3097 3089 7ffe004d1fbd-7ffe004d1fc3 3082->3089 3090 7ffe004d1fa3-7ffe004d1fb8 call 7ffe004c2900 3082->3090 3083->3081 3109 7ffe004d2153-7ffe004d2162 call 7ffe004c0920 3084->3109 3110 7ffe004d2164 3084->3110 3085->3084 3108 7ffe004d2123-7ffe004d2127 3085->3108 3099 7ffe004d1fc5-7ffe004d1fea call 7ffe004df210 call 7ffe004c28b0 3089->3099 3100 7ffe004d203e-7ffe004d2053 call 7ffe004c2900 3089->3100 3114 7ffe004d2057-7ffe004d2059 3090->3114 3094->3056 3104 7ffe004d2168-7ffe004d2175 3095->3104 3097->2980 3099->2980 3124 7ffe004d1ff0-7ffe004d1fff 3099->3124 3100->3114 3102->3056 3104->3031 3108->3084 3109->3056 3110->3104 3114->2980 3121 7ffe004d205f-7ffe004d206a call 7ffe004e8c50 3114->3121 3121->3084 3126 7ffe004d2000-7ffe004d2007 3124->3126 3126->3126 3127 7ffe004d2009-7ffe004d201d call 7ffe004c2900 3126->3127 3130 7ffe004d2032-7ffe004d2038 3127->3130 3131 7ffe004d201f-7ffe004d202d call 7ffe004c2900 3127->3131 3130->2980 3130->3100 3131->3130
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s$%x$0$100-continue$Content-Length$Content-Length: %I64d$Content-Length: 0$Content-Type$Content-Type: application/x-www-form-urlencoded$Expect$Expect:$Failed sending HTTP POST request$Failed sending HTTP request$Failed sending POST request$Failed sending PUT request
                                                                                                                                                                                                                  • API String ID: 0-502057143
                                                                                                                                                                                                                  • Opcode ID: 2f67b374040e23e95b0cd46980c22c70c90039cad63abd27f5c98cb92d582c29
                                                                                                                                                                                                                  • Instruction ID: 725f07837d8e228782d615c5daae0c73ca501e1d05f07e79366b64310cb9c85f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f67b374040e23e95b0cd46980c22c70c90039cad63abd27f5c98cb92d582c29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D129A72A08B83A4FB649B2595402B92790AF45BD4F484237DF9D4B7BDEF7CE5408348
                                                                                                                                                                                                                  Function 00007FF73E4CC5C0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 128windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$DialogSend$CommonControlsCreateInitWindow
                                                                                                                                                                                                                  • String ID: $Do you want to abort update download?$msctls_progress32
                                                                                                                                                                                                                  • API String ID: 1920177765-1990437172
                                                                                                                                                                                                                  • Opcode ID: cac877ed395807637a6dff5c72edd46b2a7abb379f2fa985479d7d05ca0ff1c6
                                                                                                                                                                                                                  • Instruction ID: 96b1f73a071bcd5520fa00bf61f4c3e3141d31f21578bbc0278882fd9c5940e0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cac877ed395807637a6dff5c72edd46b2a7abb379f2fa985479d7d05ca0ff1c6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4051B271A08642E6E750EB11EC6077AB3A2FB99B80F844035DD4E437A4CF7DE549D720
                                                                                                                                                                                                                  Function 00007FFE00509330 Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 367encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3431 7ffe00509330-7ffe0050937b call 7ffe0050c750 3434 7ffe00509381-7ffe00509386 3431->3434 3435 7ffe00509987 3431->3435 3434->3435 3436 7ffe0050938c-7ffe005093a1 3434->3436 3437 7ffe005093a3-7ffe005093c5 3436->3437 3438 7ffe005093cb-7ffe005093d2 3436->3438 3437->3438 3446 7ffe0050997b 3437->3446 3439 7ffe005093fe-7ffe0050940f 3438->3439 3440 7ffe005093d4-7ffe005093e8 call 7ffe0052994c 3438->3440 3442 7ffe00509411-7ffe00509424 3439->3442 3443 7ffe00509472-7ffe00509475 3439->3443 3447 7ffe005093ee-7ffe005093f8 3440->3447 3452 7ffe00509426-7ffe00509469 call 7ffe004c0920 call 7ffe00511550 3442->3452 3453 7ffe0050946a-7ffe0050946e 3442->3453 3444 7ffe005094c2-7ffe00509559 call 7ffe005046a0 3443->3444 3445 7ffe00509477-7ffe00509498 call 7ffe004b8220 3443->3445 3444->3446 3465 7ffe0050955f-7ffe005095da call 7ffe00535710 3444->3465 3454 7ffe0050949d-7ffe005094a4 3445->3454 3446->3435 3447->3439 3447->3446 3453->3443 3456 7ffe005094aa-7ffe005094ac 3454->3456 3457 7ffe005096cb-7ffe005096d1 3454->3457 3462 7ffe005096b2-7ffe005096c1 call 7ffe004c0920 3456->3462 3463 7ffe005094b2-7ffe005094b5 3456->3463 3460 7ffe00509974 3457->3460 3461 7ffe005096d7-7ffe005096e0 3457->3461 3460->3446 3471 7ffe005096e7-7ffe00509707 call 7ffe004c0920 3461->3471 3462->3457 3463->3462 3467 7ffe005094bb-7ffe005094bf 3463->3467 3479 7ffe005095e0-7ffe005095e7 3465->3479 3480 7ffe00509967 3465->3480 3467->3444 3476 7ffe00509711 3471->3476 3478 7ffe00509719-7ffe00509720 3476->3478 3481 7ffe00509726-7ffe00509729 3478->3481 3482 7ffe0050996b 3478->3482 3483 7ffe005098bc-7ffe005098c1 3479->3483 3484 7ffe005095ed-7ffe005095f4 3479->3484 3480->3482 3485 7ffe00509734-7ffe0050973e call 7ffe0050c770 3481->3485 3486 7ffe0050972b 3481->3486 3482->3460 3487 7ffe00509950-7ffe00509959 3483->3487 3488 7ffe005098c7-7ffe005098e9 call 7ffe004f53f0 3483->3488 3489 7ffe005095ff-7ffe00509601 3484->3489 3490 7ffe005095f6-7ffe005095f9 3484->3490 3495 7ffe00509740-7ffe00509747 3485->3495 3496 7ffe00509749 3485->3496 3486->3485 3487->3480 3502 7ffe0050993f-7ffe0050994b call 7ffe004c0920 3488->3502 3503 7ffe005098eb-7ffe005098f2 3488->3503 3494 7ffe00509608-7ffe0050960c 3489->3494 3490->3488 3490->3489 3498 7ffe0050960e-7ffe00509612 3494->3498 3499 7ffe00509647-7ffe0050964e 3494->3499 3501 7ffe00509750-7ffe00509753 3495->3501 3496->3501 3498->3499 3500 7ffe00509614-7ffe0050962c call 7ffe004b8240 3498->3500 3504 7ffe00509650 3499->3504 3505 7ffe0050965d-7ffe00509666 3499->3505 3514 7ffe00509631-7ffe00509636 3500->3514 3507 7ffe0050987e-7ffe00509886 3501->3507 3508 7ffe00509759-7ffe00509787 3501->3508 3502->3487 3510 7ffe005098f4-7ffe005098fb 3503->3510 3511 7ffe00509929-7ffe00509935 call 7ffe004c0920 3503->3511 3504->3505 3505->3494 3512 7ffe00509668-7ffe0050966c 3505->3512 3516 7ffe005098a2-7ffe005098a6 3507->3516 3517 7ffe00509888-7ffe0050988c 3507->3517 3529 7ffe00509828-7ffe00509849 call 7ffe004f53f0 call 7ffe004c0920 3508->3529 3530 7ffe0050978d-7ffe00509795 3508->3530 3518 7ffe00509913-7ffe0050991f call 7ffe004c0920 3510->3518 3519 7ffe005098fd-7ffe00509909 call 7ffe004c0920 3510->3519 3511->3502 3512->3476 3520 7ffe00509672-7ffe00509677 3512->3520 3514->3471 3522 7ffe0050963c-7ffe00509641 3514->3522 3516->3460 3528 7ffe005098ac-7ffe005098b7 call 7ffe0050a140 3516->3528 3517->3460 3524 7ffe00509892-7ffe0050989d call 7ffe00509d60 3517->3524 3518->3511 3519->3518 3520->3476 3526 7ffe0050967d-7ffe00509687 3520->3526 3522->3471 3522->3499 3524->3516 3526->3478 3533 7ffe0050968d-7ffe005096aa call 7ffe00535710 3526->3533 3528->3483 3552 7ffe0050984e 3529->3552 3530->3529 3536 7ffe0050979b-7ffe0050979e 3530->3536 3533->3444 3549 7ffe005096b0 3533->3549 3541 7ffe00509853-7ffe00509856 3536->3541 3542 7ffe005097a4-7ffe005097ab 3536->3542 3545 7ffe0050985e-7ffe00509864 3541->3545 3546 7ffe00509858 CertFreeCertificateContext 3541->3546 3542->3541 3547 7ffe005097b1-7ffe005097d8 call 7ffe00535db0 call 7ffe0050f460 3542->3547 3545->3507 3550 7ffe00509866-7ffe00509875 call 7ffe004c0920 3545->3550 3546->3545 3547->3552 3558 7ffe005097da-7ffe005097e4 3547->3558 3549->3481 3550->3507 3552->3541 3559 7ffe005097e6-7ffe005097f0 3558->3559 3560 7ffe00509817-7ffe00509826 call 7ffe004c0920 3558->3560 3559->3560 3561 7ffe005097f2-7ffe00509804 call 7ffe0050c0a0 3559->3561 3560->3552 3561->3552 3566 7ffe00509806-7ffe00509815 call 7ffe004c0920 3561->3566 3566->3552
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CertFreeCertificateContext.CRYPT32 ref: 00007FFE00509858
                                                                                                                                                                                                                    • Part of subcall function 00007FFE004F53F0: GetLastError.KERNEL32 ref: 00007FFE004F5418
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0050A140: CertGetNameStringA.CRYPT32 ref: 00007FFE0050A22D
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0050A140: CertFreeCertificateContext.CRYPT32 ref: 00007FFE0050A4E6
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cert$CertificateContextFree$ErrorLastNameString
                                                                                                                                                                                                                  • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: %s$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
                                                                                                                                                                                                                  • API String ID: 1131146079-413892695
                                                                                                                                                                                                                  • Opcode ID: f7d60e5cb3d71635911bd3db1a2881dbf45a1430d50dc6b1289584b1f5a82676
                                                                                                                                                                                                                  • Instruction ID: 0733be340113a9ffa82ec5959fd41ce37a66253a65af481e7fa333fb67aa97ef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7d60e5cb3d71635911bd3db1a2881dbf45a1430d50dc6b1289584b1f5a82676
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA026D72A0978286EB748FA5E4543AD67A0FB45788F444039DB8E47BAEDF7CE641C700
                                                                                                                                                                                                                  Function 00007FFE004BAE50 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 375COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3697 7ffe004bae50-7ffe004baeab 3698 7ffe004baeb0-7ffe004baecd call 7ffe004faa00 3697->3698 3701 7ffe004baed1-7ffe004baed8 3698->3701 3702 7ffe004bb078-7ffe004bb083 3701->3702 3703 7ffe004baede-7ffe004baee2 3701->3703 3702->3701 3704 7ffe004bb089-7ffe004bb08d 3702->3704 3703->3702 3705 7ffe004baee8-7ffe004baeec 3703->3705 3706 7ffe004bb091-7ffe004bb095 3704->3706 3707 7ffe004baef8-7ffe004baf02 3705->3707 3708 7ffe004baeee-7ffe004baef3 3705->3708 3709 7ffe004bb09b-7ffe004bb0a1 3706->3709 3710 7ffe004bb3ba 3706->3710 3711 7ffe004baf7b-7ffe004bafa5 call 7ffe004c0ab0 3707->3711 3712 7ffe004baf04-7ffe004baf06 3707->3712 3708->3702 3716 7ffe004bb0ab-7ffe004bb0bd call 7ffe004ba860 3709->3716 3717 7ffe004bb0a3-7ffe004bb0a5 3709->3717 3714 7ffe004bb3bd 3710->3714 3727 7ffe004bafb8-7ffe004bafbc 3711->3727 3728 7ffe004bafa7-7ffe004bafaa 3711->3728 3712->3711 3713 7ffe004baf08-7ffe004baf15 call 7ffe004b7ff0 3712->3713 3724 7ffe004baf1a-7ffe004baf1f 3713->3724 3720 7ffe004bb3bf-7ffe004bb3e5 call 7ffe00511550 3714->3720 3732 7ffe004bb380-7ffe004bb3b8 call 7ffe004faa90 call 7ffe004c0920 3716->3732 3733 7ffe004bb0c3-7ffe004bb0c5 3716->3733 3717->3716 3722 7ffe004bb251-7ffe004bb26b call 7ffe004c0ab0 3717->3722 3745 7ffe004bb270-7ffe004bb280 3722->3745 3724->3711 3736 7ffe004baf21-7ffe004baf23 3724->3736 3734 7ffe004bb075 3727->3734 3735 7ffe004bafc2-7ffe004bafc7 3727->3735 3730 7ffe004bb158-7ffe004bb170 3728->3730 3731 7ffe004bafb0-7ffe004bafb3 3728->3731 3730->3706 3731->3734 3732->3720 3738 7ffe004bb0cb-7ffe004bb0d7 3733->3738 3739 7ffe004bb244-7ffe004bb247 3733->3739 3734->3702 3740 7ffe004bafc9-7ffe004bafd2 WSASetLastError 3735->3740 3741 7ffe004bafd8-7ffe004bafef call 7ffe004ba860 3735->3741 3742 7ffe004baf2d-7ffe004baf52 call 7ffe004faa90 3736->3742 3743 7ffe004baf25-7ffe004baf2b 3736->3743 3746 7ffe004bb0dd-7ffe004bb0e1 3738->3746 3747 7ffe004bb192-7ffe004bb199 3738->3747 3739->3722 3751 7ffe004bb249-7ffe004bb24c 3739->3751 3740->3741 3766 7ffe004bb029-7ffe004bb037 3741->3766 3767 7ffe004baff1-7ffe004baff8 3741->3767 3769 7ffe004baf77 3742->3769 3770 7ffe004baf54-7ffe004baf70 call 7ffe004c0a10 3742->3770 3743->3711 3752 7ffe004bb2ae-7ffe004bb2bc call 7ffe004c0ab0 3745->3752 3753 7ffe004bb282-7ffe004bb2a0 call 7ffe004c0ab0 3745->3753 3746->3747 3755 7ffe004bb0e7-7ffe004bb0ee 3746->3755 3758 7ffe004bb19f-7ffe004bb1a3 3747->3758 3759 7ffe004bb234-7ffe004bb23e 3747->3759 3751->3714 3765 7ffe004bb2c1-7ffe004bb2cc 3752->3765 3753->3765 3773 7ffe004bb2a2-7ffe004bb2a7 3753->3773 3763 7ffe004bb0f6-7ffe004bb119 call 7ffe004faa90 3755->3763 3764 7ffe004bb0f0-7ffe004bb0f4 3755->3764 3758->3759 3768 7ffe004bb1a9-7ffe004bb1b0 3758->3768 3759->3698 3759->3739 3763->3747 3774 7ffe004bb11b-7ffe004bb148 call 7ffe004ba860 call 7ffe004ba990 3763->3774 3764->3763 3764->3774 3775 7ffe004bb2ce-7ffe004bb2d0 3765->3775 3776 7ffe004bb2d2 3765->3776 3772 7ffe004bb03b-7ffe004bb048 3766->3772 3778 7ffe004baffa 3767->3778 3779 7ffe004bb013 3767->3779 3780 7ffe004bb1b8-7ffe004bb1db call 7ffe004faa90 3768->3780 3781 7ffe004bb1b2-7ffe004bb1b6 3768->3781 3769->3711 3770->3769 3783 7ffe004bb058-7ffe004bb070 call 7ffe004c0ab0 call 7ffe004e18f0 3772->3783 3784 7ffe004bb04a-7ffe004bb056 call 7ffe004c0ab0 3772->3784 3773->3765 3785 7ffe004bb2a9-7ffe004bb2ac 3773->3785 3820 7ffe004bb14a-7ffe004bb156 call 7ffe004c0ab0 3774->3820 3821 7ffe004bb175-7ffe004bb18d call 7ffe004c0ab0 3774->3821 3775->3745 3786 7ffe004bb2d8-7ffe004bb2e4 3776->3786 3788 7ffe004bb000-7ffe004bb007 3778->3788 3793 7ffe004bb015-7ffe004bb027 call 7ffe004ba990 3779->3793 3780->3759 3789 7ffe004bb1dd-7ffe004bb20a call 7ffe004ba860 call 7ffe004ba990 3780->3789 3781->3780 3781->3789 3783->3734 3784->3734 3785->3786 3796 7ffe004bb2e6-7ffe004bb2ed 3786->3796 3797 7ffe004bb2ef-7ffe004bb2f7 3786->3797 3788->3779 3798 7ffe004bb009-7ffe004bb00f 3788->3798 3823 7ffe004bb20c-7ffe004bb218 call 7ffe004c0ab0 3789->3823 3824 7ffe004bb21a-7ffe004bb232 call 7ffe004c0ab0 3789->3824 3793->3772 3805 7ffe004bb319-7ffe004bb37e call 7ffe004f5d10 call 7ffe004faa90 call 7ffe004c0920 3796->3805 3807 7ffe004bb2f9-7ffe004bb300 3797->3807 3808 7ffe004bb302-7ffe004bb30a 3797->3808 3798->3788 3806 7ffe004bb011 3798->3806 3805->3720 3806->3793 3807->3805 3815 7ffe004bb30c-7ffe004bb313 3808->3815 3816 7ffe004bb315 3808->3816 3815->3805 3816->3805 3820->3747 3821->3747 3823->3759 3824->3759
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CounterPerformanceQuery
                                                                                                                                                                                                                  • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %I64dms, move on!$%s done$%s starting (timeout=%I64dms)$%s trying next$Connection timeout after %I64d ms$Failed to connect to %s port %u after %I64d ms: %s$all eyeballers failed
                                                                                                                                                                                                                  • API String ID: 2783962273-1732827642
                                                                                                                                                                                                                  • Opcode ID: 549238fb909df9f6ee5ed50814291f2e0a593e2f82d2d47464b3512f8eb522c9
                                                                                                                                                                                                                  • Instruction ID: dcd9f8e0be9e4a6541a224717a80ca44bc0929a0c4349e9bbf997c18ca1d1326
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 549238fb909df9f6ee5ed50814291f2e0a593e2f82d2d47464b3512f8eb522c9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C029C62A0878689FB609F69D0407BD37A1EB08B88F445136DF4D977ADDF78E146C388
                                                                                                                                                                                                                  Function 00007FFE004CE5D0 Relevance: 17.8, APIs: 2, Strings: 8, Instructions: 328networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3836 7ffe004ce5d0-7ffe004ce61c 3837 7ffe004ce620-7ffe004ce627 3836->3837 3837->3837 3838 7ffe004ce629-7ffe004ce635 3837->3838 3839 7ffe004ce67a-7ffe004ce694 3838->3839 3840 7ffe004ce637-7ffe004ce64d call 7ffe004f5250 3838->3840 3842 7ffe004ce696-7ffe004ce69f call 7ffe004eef20 3839->3842 3843 7ffe004ce6a4-7ffe004ce6b9 call 7ffe004cec20 3839->3843 3848 7ffe004ce663-7ffe004ce66d call 7ffe004c0920 3840->3848 3849 7ffe004ce64f-7ffe004ce661 call 7ffe004f5250 3840->3849 3842->3843 3850 7ffe004ce6bb-7ffe004ce6d4 call 7ffe004c0a10 3843->3850 3851 7ffe004ce6d7-7ffe004ce6de 3843->3851 3858 7ffe004ce672-7ffe004ce675 3848->3858 3849->3839 3849->3848 3850->3851 3855 7ffe004ce6ed-7ffe004ce6f1 3851->3855 3856 7ffe004ce6e0-7ffe004ce6e8 call 7ffe004eef60 3851->3856 3861 7ffe004ce6f7-7ffe004ce701 3855->3861 3862 7ffe004ceab5-7ffe004ceac0 3855->3862 3856->3855 3863 7ffe004ceac3-7ffe004ceae9 call 7ffe00511550 3858->3863 3865 7ffe004ce737-7ffe004ce74c call 7ffe004db050 3861->3865 3866 7ffe004ce703-7ffe004ce731 call 7ffe004e1f60 * 2 3861->3866 3862->3863 3872 7ffe004ce76b-7ffe004ce780 call 7ffe004db050 3865->3872 3873 7ffe004ce74e-7ffe004ce765 call 7ffe004be260 3865->3873 3866->3858 3866->3865 3882 7ffe004ce782-7ffe004ce799 call 7ffe004be260 3872->3882 3883 7ffe004ce79f-7ffe004ce7a7 3872->3883 3873->3872 3881 7ffe004cea3b-7ffe004cea43 3873->3881 3886 7ffe004cea56-7ffe004cea78 call 7ffe004cda50 3881->3886 3887 7ffe004cea45-7ffe004cea51 call 7ffe004eef20 3881->3887 3882->3881 3882->3883 3884 7ffe004ce7e8-7ffe004ce7f9 call 7ffe004f5250 3883->3884 3885 7ffe004ce7a9-7ffe004ce7b7 3883->3885 3899 7ffe004ce8b2 3884->3899 3900 7ffe004ce7ff 3884->3900 3889 7ffe004ce7b9-7ffe004ce7ce call 7ffe004cdf80 3885->3889 3890 7ffe004ce7d4-7ffe004ce7e2 3885->3890 3901 7ffe004cea7a-7ffe004cea82 call 7ffe004eef60 3886->3901 3902 7ffe004cea87-7ffe004cea8c 3886->3902 3887->3886 3889->3890 3890->3858 3890->3884 3907 7ffe004ce8b5-7ffe004ce8be 3899->3907 3903 7ffe004ce802-7ffe004ce809 3900->3903 3901->3902 3905 7ffe004cea98-7ffe004cea9b 3902->3905 3906 7ffe004cea8e-7ffe004cea96 call 7ffe004be080 3902->3906 3903->3903 3909 7ffe004ce80b-7ffe004ce80f 3903->3909 3905->3862 3906->3862 3907->3907 3908 7ffe004ce8c0-7ffe004ce8f7 htons call 7ffe004db050 3907->3908 3920 7ffe004ce886-7ffe004ce88a 3908->3920 3921 7ffe004ce8f9-7ffe004ce913 3908->3921 3912 7ffe004ce832-7ffe004ce836 3909->3912 3913 7ffe004ce811-7ffe004ce82c call 7ffe004f52c0 3909->3913 3917 7ffe004ce838-7ffe004ce83f 3912->3917 3918 7ffe004ce855-7ffe004ce862 call 7ffe004cee70 3912->3918 3913->3899 3913->3912 3917->3918 3919 7ffe004ce841-7ffe004ce853 call 7ffe004c11f0 3917->3919 3918->3858 3929 7ffe004ce868-7ffe004ce875 call 7ffe004cda40 3918->3929 3933 7ffe004ce87a-7ffe004ce880 3919->3933 3920->3862 3926 7ffe004ce890-7ffe004ce8a2 3920->3926 3921->3920 3934 7ffe004ce919-7ffe004ce955 3921->3934 3930 7ffe004cea9d call 7ffe004b25b0 3926->3930 3931 7ffe004ce8a8-7ffe004ce8ad call 7ffe004c1370 3926->3931 3929->3933 3937 7ffe004ceaa2-7ffe004ceaa4 3930->3937 3931->3937 3933->3881 3933->3920 3938 7ffe004ce960-7ffe004ce96f 3934->3938 3937->3858 3940 7ffe004ceaaa-7ffe004ceab1 3937->3940 3938->3938 3941 7ffe004ce971-7ffe004ce97b 3938->3941 3940->3862 3941->3941 3942 7ffe004ce97d-7ffe004ce992 3941->3942 3944 7ffe004cea38 3942->3944 3945 7ffe004ce998-7ffe004ce9cd htons call 7ffe004db050 3942->3945 3944->3881 3945->3944 3948 7ffe004ce9cf-7ffe004cea1d 3945->3948 3949 7ffe004cea21-7ffe004cea30 3948->3949 3949->3949 3950 7ffe004cea32-7ffe004cea36 3949->3950 3950->3881
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: htons
                                                                                                                                                                                                                  • String ID: .localhost$.onion$.onion.$127.0.0.1$::1$Hostname %s was found in DNS cache$Not resolving .onion address (RFC 7686)$localhost
                                                                                                                                                                                                                  • API String ID: 4207154920-2421204314
                                                                                                                                                                                                                  • Opcode ID: 1abce2b5bc3defacd5f0c4d5f7c875044f6efa3fbb799592f85f9be739c7d37f
                                                                                                                                                                                                                  • Instruction ID: 2e84bd784cf7f710d06e831b825c13e247ed3fcb9fd8373dac96b1145666ab46
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1abce2b5bc3defacd5f0c4d5f7c875044f6efa3fbb799592f85f9be739c7d37f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44E17B62B08B829AFBA49F22C5407BD27A1FB44B88F448535CB0D577AAEF3CE455C344
                                                                                                                                                                                                                  Function 00007FF73E4D8B10 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 259COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: GUPOptions$Proxy$gupOptions.xml$port$server
                                                                                                                                                                                                                  • API String ID: 879052547-603323400
                                                                                                                                                                                                                  • Opcode ID: 5b53edfaf0b5729d8631af808ba926b8978ebec304cb1ba447a412d86911e389
                                                                                                                                                                                                                  • Instruction ID: eb60208595e3250b7467cb332344bc03bdd579657ec4a2cfa834f083077b77db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b53edfaf0b5729d8631af808ba926b8978ebec304cb1ba447a412d86911e389
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45B1A363E09743A1EE40EB15D4542BEA361FF9D794F825231EA5C426E6DF3CE488E710
                                                                                                                                                                                                                  Function 00007FFE004EAE00 Relevance: 13.7, APIs: 9, Instructions: 249networksleepCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$Sleep$select
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2442476585-0
                                                                                                                                                                                                                  • Opcode ID: a37cddf9805a17e16b9df51174f088633cbfd8b4778cf4cc41200e07584fd447
                                                                                                                                                                                                                  • Instruction ID: 0e8b13481384345ab44054e466fe8d9225b3cc397ee5d590e5d061e4cfc787ad
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a37cddf9805a17e16b9df51174f088633cbfd8b4778cf4cc41200e07584fd447
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82A1D272A086C686EB794F25D4147BA62A1FF44BA4F104234EB2E577ECDF3DE950C209
                                                                                                                                                                                                                  Function 00007FFE0052901C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                  • Opcode ID: b7ec6733e66509c062218d07b1a9c4d943c39dec65aa5e16cb2a136771e4cae3
                                                                                                                                                                                                                  • Instruction ID: 1b3b18ca8682584a710e28349ec05fb73a7bb24829a9e820b6b431338876d63a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7ec6733e66509c062218d07b1a9c4d943c39dec65aa5e16cb2a136771e4cae3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2841D022B19A0745FB36CB96A8186B62395BF5ABA0F484135DE0D877BCEF3CE445C300
                                                                                                                                                                                                                  Function 00007FFE00511870 Relevance: 12.2, APIs: 8, Instructions: 228COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 190073905-0
                                                                                                                                                                                                                  • Opcode ID: 2c8472aaf90a3722b064682a63adc1dce263db83c9e47c65319e5ea504de7284
                                                                                                                                                                                                                  • Instruction ID: 4b2d997640dd0f00bf74ee789294b709312b38a3d5cb5c19257d2b980419655c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c8472aaf90a3722b064682a63adc1dce263db83c9e47c65319e5ea504de7284
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C181E421E0CE0786FB74AB6694512F926D2AF85780F0485B5EB0D473BEEF3CE8458708
                                                                                                                                                                                                                  Function 00007FFE004B2A60 Relevance: 12.2, APIs: 8, Instructions: 168COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$closesocket$CloseDeleteEnterHandleInitializeLeavesocket
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1940056153-0
                                                                                                                                                                                                                  • Opcode ID: 028cec03027b2d6ba1471f34dba324f63053a77ceba37e318ec29eb4b37460b0
                                                                                                                                                                                                                  • Instruction ID: e0145562b4d223c4a6cd2d4c08dcfbd3910a428ccfb2f3510675dd11f41773a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 028cec03027b2d6ba1471f34dba324f63053a77ceba37e318ec29eb4b37460b0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B814732A08B8186E664DF22E55426A7360FB98B60F145335DBAE437A6DFB8F0D5C340
                                                                                                                                                                                                                  Function 00007FF73E542580 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 5077d851b6bd13c7ed46389ab42271a58ebf6ba85621db174e7e0817f4b189b5
                                                                                                                                                                                                                  • Instruction ID: e4d8506d5b8d2c7443527396dbcb712afb66544d63f02d006d2e64925f68a86b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5077d851b6bd13c7ed46389ab42271a58ebf6ba85621db174e7e0817f4b189b5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CC1D33690C7A261E765BB5198602BDBB90EF81B90FE50131EA4D03791DF7CE84CEB20
                                                                                                                                                                                                                  Function 00007FFE004B5B00 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 130networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$connect
                                                                                                                                                                                                                  • String ID: connect to %s port %u failed: %s$connected$not connected yet
                                                                                                                                                                                                                  • API String ID: 375857812-1298359922
                                                                                                                                                                                                                  • Opcode ID: 0772b4aabfb5d9317ec93b4a0bc28e97e1559366e1e3d0a88a9da70af3d874ef
                                                                                                                                                                                                                  • Instruction ID: f76b430350d4535d31a6074d9be95cfe4cc50738bf91fd20f4696de86447b77f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0772b4aabfb5d9317ec93b4a0bc28e97e1559366e1e3d0a88a9da70af3d874ef
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B51F032A0CA8685FB609B35D4043F96761EB45BA8F484231DF2D8B3EEDF2CE4818354
                                                                                                                                                                                                                  Function 00007FF73E4CC440 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80windowsleepCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$SleepTextWindow
                                                                                                                                                                                                                  • String ID: Downloading %s: %Iu %%
                                                                                                                                                                                                                  • API String ID: 3045854461-2739416863
                                                                                                                                                                                                                  • Opcode ID: e4ff4611aa8c43a7f8eac4f3ce7c8c1b3a21f8315c5a876a8fff92d309c01687
                                                                                                                                                                                                                  • Instruction ID: 597f9fd30766a5446d1633bf2f7ab59771ae34b9b9801c56eae25bfb3edce9a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4ff4611aa8c43a7f8eac4f3ce7c8c1b3a21f8315c5a876a8fff92d309c01687
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C31C950E18E47A5F712A735A821376E351FF99744FC19231E94E23660DF3CA18AD710
                                                                                                                                                                                                                  Function 00007FFE004B2950 Relevance: 10.6, APIs: 7, Instructions: 67networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalErrorLastSection$Leave$Enterfreeaddrinfogetaddrinfosend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 891401596-0
                                                                                                                                                                                                                  • Opcode ID: 23e7518ed87876aea161ae54229f13d31d9f6ec80fa8827c3012d2a59c2cda68
                                                                                                                                                                                                                  • Instruction ID: 6a838808850f56714b0dd2eedd9a0c589dcddf82c86429f0a490e3bbf51a46c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23e7518ed87876aea161ae54229f13d31d9f6ec80fa8827c3012d2a59c2cda68
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B316372A08A4686EB709F35D45026933A0FB48B98F040131DB5E837BCDF7CE585C740
                                                                                                                                                                                                                  Function 00007FF73E4CA240 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ImageLoadMessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2779929661-3916222277
                                                                                                                                                                                                                  • Opcode ID: 96c613a7857646373ad2384b5b6d3457c15e355bdb1cee48e450cc9fc12a2e4d
                                                                                                                                                                                                                  • Instruction ID: cd0271450e69252e8b6385f3ff8a57090d68c507c282bdcfec854e38dfad42f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96c613a7857646373ad2384b5b6d3457c15e355bdb1cee48e450cc9fc12a2e4d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62119071618601E2EB209F01E824379B3A1FB49BC8F980034EE8D07B64CF7DD589EB20
                                                                                                                                                                                                                  Function 00007FF73E4DA6E0 Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_Locinfo_ctorSetgloballocalestd::locale::_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2975939472-0
                                                                                                                                                                                                                  • Opcode ID: 0c48f7baead120cff1e03a99decbdd05a8c9a1d39cb9c783bc3247f8421d8915
                                                                                                                                                                                                                  • Instruction ID: cac125e5d9a56a9fc716d30d3f63610c02c9c5be77eeca00db30c8ac394aa13e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c48f7baead120cff1e03a99decbdd05a8c9a1d39cb9c783bc3247f8421d8915
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88817D32A09B4296EB50EB61D8602ADB3B4EF44B44F844135EE4E27B56DF3CE469E350
                                                                                                                                                                                                                  Function 00007FFE0051F9BC Relevance: 7.6, APIs: 5, Instructions: 60threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2067211477-0
                                                                                                                                                                                                                  • Opcode ID: 00311077c7c71c892fd5f7bec30036eb420c2545f09a9249434784cded6183d1
                                                                                                                                                                                                                  • Instruction ID: dc4d10185cf96588e8c85868bf52536dcef9c0376ddbe8328fd07e15a82f8030
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00311077c7c71c892fd5f7bec30036eb420c2545f09a9249434784cded6183d1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD212965A0DB4686EE34EB65A4501BAB3A2AF98BD0F084535EF4D4777DDF3CE4008740
                                                                                                                                                                                                                  Function 00007FFE00507800 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CertCloseStore
                                                                                                                                                                                                                  • String ID: schannel: ApplyControlToken failure: %s$schannel: failed to send close msg: %s (bytes written: %zd)$schannel: shutting down SSL/TLS connection with %s port %d
                                                                                                                                                                                                                  • API String ID: 3257488527-3473387036
                                                                                                                                                                                                                  • Opcode ID: c8e09b4cac4049769f40284beb7174ecfe55bdff557c0ec1fdfe5b09f068061e
                                                                                                                                                                                                                  • Instruction ID: 6167bc5f93e7c9472280ef626195960be2093545e7c4d6665c1c6e921c6e3d2e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8e09b4cac4049769f40284beb7174ecfe55bdff557c0ec1fdfe5b09f068061e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66815636A09B4586EB64CF66E4906AD37A4FB88B88F044135DF8D13B6CDF38E591C740
                                                                                                                                                                                                                  Function 00007FFE004B60F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 110networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$getpeername
                                                                                                                                                                                                                  • String ID: getpeername() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
                                                                                                                                                                                                                  • API String ID: 664652874-4047410615
                                                                                                                                                                                                                  • Opcode ID: e1a7871dee6f963cd5843f34908358f856755cf14308972f988587c380c51c89
                                                                                                                                                                                                                  • Instruction ID: 0bf2be46b543a240dc5ef20d81815ac4517bebaff093c0702f787b805bba4315
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1a7871dee6f963cd5843f34908358f856755cf14308972f988587c380c51c89
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09517172A18BC686EB30DB15E4407EA6360FB99B88F415136DB8C4776ADF3CE195C740
                                                                                                                                                                                                                  Function 00007FFE004B5DF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastsend
                                                                                                                                                                                                                  • String ID: Send failure: %s$send(len=%zu) -> %d, err=%d
                                                                                                                                                                                                                  • API String ID: 1802528911-343019339
                                                                                                                                                                                                                  • Opcode ID: 51c3d471265b2a5cb370098716aec1141742321ab83d7def85fc0a55cb033fa3
                                                                                                                                                                                                                  • Instruction ID: 5c9f0f896f6da79a7a8395ab99e3752dce2f8bcb4b82488eaa4baa64c9542031
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51c3d471265b2a5cb370098716aec1141742321ab83d7def85fc0a55cb033fa3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64319C72604B8186EB709F12E8907EA7760FB88BA5F004132DF5D477A9DF3CD1568B00
                                                                                                                                                                                                                  Function 00007FFE004B79A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$getsockname
                                                                                                                                                                                                                  • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                                                                                                                                                                                  • API String ID: 3066790409-2605427207
                                                                                                                                                                                                                  • Opcode ID: 7a7bbb821a967cb22b1128615a3a0034c74448451502dfda408481d85a6a1048
                                                                                                                                                                                                                  • Instruction ID: cfed5f29d88af3b46fbfcd45689564efe629ce2876afa5e53070804392255891
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a7bbb821a967cb22b1128615a3a0034c74448451502dfda408481d85a6a1048
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE313032A1C7C682EA60DB15E4503FE6361FBD9784F405236EB8C4776ADF6CE2958B40
                                                                                                                                                                                                                  Function 00007FF73E4CC300 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$InfoParametersRectSystem
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 2924383788-2766056989
                                                                                                                                                                                                                  • Opcode ID: d6671dca1a615be4fa66af19bd2055ebd0cff4da2be61285c6c1d2c7cb63d13f
                                                                                                                                                                                                                  • Instruction ID: 5a4fac80888a154b2181024e444216c22b2e8ccbd073b21abb2c4a0c5587451f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6671dca1a615be4fa66af19bd2055ebd0cff4da2be61285c6c1d2c7cb63d13f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08214C76628A418BD304CF39E84445ABB62F7C8B80B558224FA8993B58CF7CE909CF40
                                                                                                                                                                                                                  Function 00007FFE004B78C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastrecv
                                                                                                                                                                                                                  • String ID: Recv failure: %s$nw_in_read(len=%zu) -> %d, err=%d
                                                                                                                                                                                                                  • API String ID: 2514157807-3768538270
                                                                                                                                                                                                                  • Opcode ID: 596bf617ae478047449ee12e1533dc9299d7870deba70778939caad0649c296c
                                                                                                                                                                                                                  • Instruction ID: eb40d0ab1680b71e0cd752ec54b54cf758420427a3b49ba44abd3d9c6535e045
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 596bf617ae478047449ee12e1533dc9299d7870deba70778939caad0649c296c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70219F76A08B4586EB609F26E4907A97760AB88BB4F408336DF6D477E9DF3CE0418700
                                                                                                                                                                                                                  Function 00007FFE004C0700 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: GetModuleHandleA.KERNEL32 ref: 00007FFE00504476
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00504430: GetProcAddress.KERNEL32 ref: 00007FFE00504486
                                                                                                                                                                                                                    • Part of subcall function 00007FFE004F6AC0: GetModuleHandleA.KERNEL32(?,00000001,00000002,00007FFE004C0749,?,?,?,?,?,?,00007FFE004D784E), ref: 00007FFE004F6AD4
                                                                                                                                                                                                                  • GetProcAddressForCaller.KERNELBASE(?,?,?,?,?,?,00007FFE004D784E,?,?,?,?,?,?,?,?,?), ref: 00007FFE004C075F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc$Caller
                                                                                                                                                                                                                  • String ID: InitSecurityInterfaceA$secur32.dll$security.dll
                                                                                                                                                                                                                  • API String ID: 2824060896-3788156360
                                                                                                                                                                                                                  • Opcode ID: 5abbce397860c23ec8fdf003cfbc82517e2dd887dea7321917f4c2e18a9287a1
                                                                                                                                                                                                                  • Instruction ID: 5843b300c5a33657c2c5fc4b64e6fe7e6ebd64900803822d23adc12c09e473e3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5abbce397860c23ec8fdf003cfbc82517e2dd887dea7321917f4c2e18a9287a1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51015E65F19B4282EFAC9B14A8927656390BF44740F885538EB4E43779EF3CE158CA00
                                                                                                                                                                                                                  Function 00007FF73E545F30 Relevance: 6.2, APIs: 4, Instructions: 219COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF73E545F1B), ref: 00007FF73E54604C
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF73E545F1B), ref: 00007FF73E5460D7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                                  • Opcode ID: 33ec061b06ac55cf042606fe807404e5fc41f7e105ae903a433e8e2f96d8521a
                                                                                                                                                                                                                  • Instruction ID: fd2b6c4c0988fdc880f4984083822317d93be9bd50921f2b1050a480bf96d4a0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33ec061b06ac55cf042606fe807404e5fc41f7e105ae903a433e8e2f96d8521a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A913B72F08666A5FB50EF658C603BDABA0BB00788FA45139DE0E53685CF7CD449DB20
                                                                                                                                                                                                                  Function 00007FFE00506F40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 175COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
                                                                                                                                                                                                                  • API String ID: 0-3891197721
                                                                                                                                                                                                                  • Opcode ID: 89618036fe0ca2bf5dbfb95ddce3b79e0010745ae917f1667a46b11dbf195f79
                                                                                                                                                                                                                  • Instruction ID: ea7c7498fa77a838647a0243084ac04a493207419d65f4404ed67f3bb684eddc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89618036fe0ca2bf5dbfb95ddce3b79e0010745ae917f1667a46b11dbf195f79
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B717172F08B068AFB20CFA5D4546AD37A5AB48BA8F404235DF2D577E8DF38A516C740
                                                                                                                                                                                                                  Function 00007FFE00508C90 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 120COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                                                                                                                                                                                                                  • API String ID: 0-3791222319
                                                                                                                                                                                                                  • Opcode ID: e5109eaa4d5d5f29308f3b43808cabf5fadf9d456639888f5907aba9d52ea53e
                                                                                                                                                                                                                  • Instruction ID: 680e1598157cb4962fa523a937dd615c17855c0aeb1b6932afa10b29eaccc74f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5109eaa4d5d5f29308f3b43808cabf5fadf9d456639888f5907aba9d52ea53e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5741E232B0C64281FB749A629600A7E6795AF51BA4F148630DFAD477FEEF3CE6418700
                                                                                                                                                                                                                  Function 00007FF73E4C63A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID: ios_base::badbit set
                                                                                                                                                                                                                  • API String ID: 73155330-3882152299
                                                                                                                                                                                                                  • Opcode ID: f7afa72443acca90c3a6c68f6f628eb56cf52da539b6b9dcc513935d4ec4dbd2
                                                                                                                                                                                                                  • Instruction ID: 7276e3b6e0f47b5b370a91b2893bcb86ea222a3371c9b4f610a394d21ec0e359
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7afa72443acca90c3a6c68f6f628eb56cf52da539b6b9dcc513935d4ec4dbd2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5031E561B09B47B1EE10BB12A5042B9F355EF08FE0F958531EA9D077D5DE7CE0899328
                                                                                                                                                                                                                  Function 00007FFE004BE0B0 Relevance: 4.6, APIs: 3, Instructions: 123networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastfreeaddrinfogetaddrinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1817844550-0
                                                                                                                                                                                                                  • Opcode ID: ebbeb45ce4fbaae858f15550eb69ad0f012d451e731bb0f99066075ced1df7d2
                                                                                                                                                                                                                  • Instruction ID: e682cc246f3b546a39af6e2259aae595bf5eb15df899c34ef15862ad05cb28eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebbeb45ce4fbaae858f15550eb69ad0f012d451e731bb0f99066075ced1df7d2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC51A132A09B4586EA79CF16E540679B3A5FB88B90F184535DF9E83BA8DF3CE441C704
                                                                                                                                                                                                                  Function 00007FFE004E5003 Relevance: 4.6, APIs: 3, Instructions: 99networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$EnumEventsNetworkResetSelect
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 154046648-0
                                                                                                                                                                                                                  • Opcode ID: 61b4b7f54e8b7c508298d37364fd79c2ba9bdead117070bf9b66dffa02848604
                                                                                                                                                                                                                  • Instruction ID: f88fdb633aa245cdf5b6746f9abe2c56bb00c4f9152ad0db4ea461c43f056422
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61b4b7f54e8b7c508298d37364fd79c2ba9bdead117070bf9b66dffa02848604
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4416232F19A8287FB648A25945077AA7A0EB80784F551035EB4E8377CDF3DE8448B04
                                                                                                                                                                                                                  Function 00007FF73E504C6C Relevance: 4.6, APIs: 3, Instructions: 95COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2115809835-0
                                                                                                                                                                                                                  • Opcode ID: 9b7ab6e597dc553d993c73c2d3d0304b78badde8a6d5f30606e4b6146b3ff8c5
                                                                                                                                                                                                                  • Instruction ID: 70e9c540c5894bfc2918f363692fa6d1fcc856a8c3e7b73adfca18f59308552b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b7ab6e597dc553d993c73c2d3d0304b78badde8a6d5f30606e4b6146b3ff8c5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25419F36605B45A1EB14EF12E8A0269A360FB88FC4F844432EE5D43B69EF3CD959D350
                                                                                                                                                                                                                  Function 00007FFE004E506C Relevance: 4.6, APIs: 3, Instructions: 95networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$EnumEventsNetworkResetSelect
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 154046648-0
                                                                                                                                                                                                                  • Opcode ID: c9e7d1d4a8165d34d589c875888eb467fccc316c49427a258017c12332866bf1
                                                                                                                                                                                                                  • Instruction ID: 9e44eb1f23f44c6e8a3c91a0ac5fe5cc774c443f7e3ffa08b172293d06db43d0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9e7d1d4a8165d34d589c875888eb467fccc316c49427a258017c12332866bf1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D413032F1DA8287FB658A259454779A7A0EB84784F551031EB8E837BCDF3DE844CB04
                                                                                                                                                                                                                  Function 00007FFE004E5034 Relevance: 4.6, APIs: 3, Instructions: 95networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$EnumEventsNetworkResetSelect
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 154046648-0
                                                                                                                                                                                                                  • Opcode ID: 5bebbca2467fb2e64be47ce4941dfdda52ee5d23499ad9dbe5b50206ae092526
                                                                                                                                                                                                                  • Instruction ID: f63bbb582682d7f7b05297d7948a19865b6f6b95cc1828e51d8052c4e0ccaa04
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5bebbca2467fb2e64be47ce4941dfdda52ee5d23499ad9dbe5b50206ae092526
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D413032F19A8287FB658A259450779A7A0EB84784F551035EB8E8377CDF3DE844CB04
                                                                                                                                                                                                                  Function 00007FF73E4FFC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                                                                  • Opcode ID: 5430039f79c566e65055c532f22fd36a84e69d2178cc99e5f7e2438ea3623593
                                                                                                                                                                                                                  • Instruction ID: 66877f4e3e7de996fc0121afd0082cb26a3ac3d264cecc6a37260298a8af4cb3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5430039f79c566e65055c532f22fd36a84e69d2178cc99e5f7e2438ea3623593
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5031A221E0E24773FA50BB6498213B9A381AF49744FC60534F94E572D3DE2CB90DB231
                                                                                                                                                                                                                  Function 00007FFE004E5056 Relevance: 4.6, APIs: 3, Instructions: 91networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$EnumEventsNetworkResetSelect
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 154046648-0
                                                                                                                                                                                                                  • Opcode ID: 9a4608a2f732a95dc6fbf23fbbb7cdddcd963e3a4d83d6fee9ea3970425fbd0c
                                                                                                                                                                                                                  • Instruction ID: 9f5d2993ba3d77ec8f5537bcc86e3715222561329db851fb33e1ce4bb44e9fbc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a4608a2f732a95dc6fbf23fbbb7cdddcd963e3a4d83d6fee9ea3970425fbd0c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01415F72F1DA8287FB658A25945037AA7A1EB84784F511035EB8E837BCDF3CE845CB04
                                                                                                                                                                                                                  Function 00007FFE004E5079 Relevance: 4.6, APIs: 3, Instructions: 90networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$EnumEventsNetworkResetSelect
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 154046648-0
                                                                                                                                                                                                                  • Opcode ID: 076cddce801f67c13bd9d39c3bd3f52c9e8e4a806fd095f3ba954ef3792c9138
                                                                                                                                                                                                                  • Instruction ID: 8c0734bb4a258d0840bf813cd5a5fed59b5b67597022184ae02e8c35fdabcf0c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 076cddce801f67c13bd9d39c3bd3f52c9e8e4a806fd095f3ba954ef3792c9138
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18414132F5DA8287FB658A25945037AA7A0EB84784F511035EB8E837BCDF3DE845CB04
                                                                                                                                                                                                                  Function 00007FFE004E4FEC Relevance: 4.6, APIs: 3, Instructions: 90networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Event$EnumEventsNetworkResetSelect
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 154046648-0
                                                                                                                                                                                                                  • Opcode ID: a417258c0fbe602f8bb2963098052e19bbdce2faf620fed94bdc101605547de1
                                                                                                                                                                                                                  • Instruction ID: 65f5c832048b939b702a78cdbbb30ecdd60ea6d8d73211561c0257663257f9ff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a417258c0fbe602f8bb2963098052e19bbdce2faf620fed94bdc101605547de1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD414132F1DA8287FB658A25945037AA7A1EB84784F511435EB8E837BCDF3DE844CB04
                                                                                                                                                                                                                  Function 00007FF73E4CC830 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Text$DialogItemWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4005798191-0
                                                                                                                                                                                                                  • Opcode ID: 5de7b6228ab36d82332d89868159b1086e8f2031f368d0de97414e5ef74dac9a
                                                                                                                                                                                                                  • Instruction ID: ae15dd33c135f55f0a11f251244cdde1b64032421ef5ccc4db3170970e7da80f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5de7b6228ab36d82332d89868159b1086e8f2031f368d0de97414e5ef74dac9a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8411A361F18643B1FB566B19E9182769261EB88F81FC68031E94E037A4DE3CD4D8D330
                                                                                                                                                                                                                  Function 00007FFE004B7CD0 Relevance: 4.5, APIs: 3, Instructions: 37networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastSleepgetsockopt
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3033474312-0
                                                                                                                                                                                                                  • Opcode ID: a6fc075ad24261b69146a39cb73a21cc02a0ff4ba0b82114b24f8d8eea91c36e
                                                                                                                                                                                                                  • Instruction ID: ff864576e54d50c946952c66e97724d42b3c6c64471724a07dcc3074c2c8cc1d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6fc075ad24261b69146a39cb73a21cc02a0ff4ba0b82114b24f8d8eea91c36e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF012C71A0CA4687EB648F15E44423AA7A4AF897C4F644434EB8D87BBCDF3DD4458B04
                                                                                                                                                                                                                  Function 00007FFE0051F8F4 Relevance: 4.5, APIs: 3, Instructions: 27threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00527ED0: GetLastError.KERNEL32(?,?,00000000,00007FFE0051D1B9,?,?,?,?,00007FFE0051DCF6,?,?,00000000,00000000,00000000,00007FFE004BEEE2), ref: 00007FFE00527EDF
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00527ED0: SetLastError.KERNEL32(?,?,00000000,00007FFE0051D1B9,?,?,?,?,00007FFE0051DCF6,?,?,00000000,00000000,00000000,00007FFE004BEEE2), ref: 00007FFE00527F7F
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FFE0051FAA1,?,?,?,?,00007FFE0051F8E5), ref: 00007FFE0051F92F
                                                                                                                                                                                                                  • FreeLibraryAndExitThread.KERNEL32(?,?,?,00007FFE0051FAA1,?,?,?,?,00007FFE0051F8E5), ref: 00007FFE0051F945
                                                                                                                                                                                                                  • ExitThread.KERNEL32 ref: 00007FFE0051F94E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1991824761-0
                                                                                                                                                                                                                  • Opcode ID: 11f3b709e2045fe4bb46170866fb557b0369debddff1e1190fb8bd6e968acc0b
                                                                                                                                                                                                                  • Instruction ID: 58bcb86947f9e12e2fc274808d746c92c6b30ea364ac6f1d3a8047f79431e393
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11f3b709e2045fe4bb46170866fb557b0369debddff1e1190fb8bd6e968acc0b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0F04961A0CA8665EB35AB2080442BC22AAEF95B34F180735DB3C423F8DF2CD845C340
                                                                                                                                                                                                                  Function 00007FFE004C3510 Relevance: 4.5, APIs: 3, Instructions: 26COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FFE004B9654), ref: 00007FFE004C351B
                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FFE004B9654), ref: 00007FFE004C3541
                                                                                                                                                                                                                  • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FFE004B9654), ref: 00007FFE004C3555
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1021914862-0
                                                                                                                                                                                                                  • Opcode ID: dd310e79095ef4c500908ab5820b5bb5cf4ab4141bcb02f0d57356d2fab640ce
                                                                                                                                                                                                                  • Instruction ID: 305d907045ed08b3fe78c589b7d0897cf36850d76651c90be56b1a10c848b677
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd310e79095ef4c500908ab5820b5bb5cf4ab4141bcb02f0d57356d2fab640ce
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BF0D064F1940796FA689F12DC665752355BF98706FC04430E60E817BCDF2CE645C700
                                                                                                                                                                                                                  Function 00007FF73E54170C Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF73E5416F8,?,?,?,?,?,00007FF73E541801), ref: 00007FF73E541758
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00007FF73E5416F8,?,?,?,?,?,00007FF73E541801), ref: 00007FF73E541762
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                                                  • Opcode ID: 4e276b4e8684e6fefe4b46f22e3456b5292e0e68994a4019fb02227559f57241
                                                                                                                                                                                                                  • Instruction ID: 6cea9abb0649d82c6857265cfda85c83d99fb790481426a53361a1b52711fcaa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e276b4e8684e6fefe4b46f22e3456b5292e0e68994a4019fb02227559f57241
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67112761708B9291DE10AB26E9200A9E361EB40FF4FA40331EE7E077D8CF3CD1589B00
                                                                                                                                                                                                                  Function 00007FFE004CDF80 Relevance: 3.0, APIs: 2, Instructions: 37networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: closesocketsocket
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2760038618-0
                                                                                                                                                                                                                  • Opcode ID: 161cad5e60a667db12a4e18ed4289b49371c6f5c4dc7667c32b77b58d99cd13d
                                                                                                                                                                                                                  • Instruction ID: 3e8f7d335182361c99dba8e3d0e12c3b3ae647b8f2c6929f15406db7ec6211ad
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 161cad5e60a667db12a4e18ed4289b49371c6f5c4dc7667c32b77b58d99cd13d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20F0F462E0978946EF998B6590417F82740AF19B24F0C0274CB2E077E5CF2895D9C710
                                                                                                                                                                                                                  Function 00007FFE0051F884 Relevance: 3.0, APIs: 2, Instructions: 31threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1611280651-0
                                                                                                                                                                                                                  • Opcode ID: ec5ca724d95710bd377016fb0e4ac1f3df81d1db5ca5c4b944d00181f324e25d
                                                                                                                                                                                                                  • Instruction ID: 7c6388ccb3bb447a75e732eaa42856c4c5d0d8b57e807b70b2746bf8ef476c08
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec5ca724d95710bd377016fb0e4ac1f3df81d1db5ca5c4b944d00181f324e25d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF05465E1A64A87EF34ABB194161BD1391EF6AB50F141034EB0D533BADF2CA444C300
                                                                                                                                                                                                                  Function 00007FF73E4FF8A8 Relevance: 3.0, APIs: 2, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                  • Opcode ID: 075a9b894dee54f1e2d93d55dac5f93debce795401718021495ca5484bb0629c
                                                                                                                                                                                                                  • Instruction ID: e0fdff6581765be3d9089c305a10bc508891f5af835bb784211a284faad21ad5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 075a9b894dee54f1e2d93d55dac5f93debce795401718021495ca5484bb0629c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBE0EC11E1F20772F92871A118561B9C1404F0DB74ED91B30F9BD252C3BF5CA49E7275
                                                                                                                                                                                                                  Function 00007FF73E4C1190 Relevance: 3.0, APIs: 2, Instructions: 19threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentHookThreadWindows
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1904029216-0
                                                                                                                                                                                                                  • Opcode ID: b01277c2159cb06903c4d6dc753faf89e0e23bd5ced5835b7d50a9daeae0df9f
                                                                                                                                                                                                                  • Instruction ID: b05fc3579dd4ea55c795008db382501857e9b25c716259dc10af43df0d61cc81
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b01277c2159cb06903c4d6dc753faf89e0e23bd5ced5835b7d50a9daeae0df9f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACE04865E56607E2E704BB35DCA547462A0AF1D754FC11131D40F827A0DD1C619EEB20
                                                                                                                                                                                                                  Function 00007FFE005273D0 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FFE005305FE,?,?,?,00007FFE0053063B,?,?,00000000,00007FFE00530281,?,?,?,00007FFE005301B3), ref: 00007FFE005273E6
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FFE005305FE,?,?,?,00007FFE0053063B,?,?,00000000,00007FFE00530281,?,?,?,00007FFE005301B3), ref: 00007FFE005273F0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                  • Opcode ID: b51dc9c41d7b9a289cec24df58693e35c3a216d8d6b6b2fcd540c32bd0ba47dc
                                                                                                                                                                                                                  • Instruction ID: c13475225d2b7c7fc25d0072d882265241c6e89b3ede8905424df21f2d38fb5d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b51dc9c41d7b9a289cec24df58693e35c3a216d8d6b6b2fcd540c32bd0ba47dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99E0C255F0D60B86FF39ABF2585407916A29F9C740F004030DB0D43379EE2C688283A0
                                                                                                                                                                                                                  Function 00007FF73E5434A4 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                  • Opcode ID: 09fa1027084a5d864cbbdd87c2598d50d98b8423a5b8fab4b6de70b3447f7c8d
                                                                                                                                                                                                                  • Instruction ID: f9d4126c03d2e27d92c4cb0cb1cbfd044575ebf1bdf7d2091ec04998fe30e240
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09fa1027084a5d864cbbdd87c2598d50d98b8423a5b8fab4b6de70b3447f7c8d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAE01290F0960762FE1977F25C791B592915F94750FC44030D91E522E2EE1C699C6730
                                                                                                                                                                                                                  Function 00007FF73E5436B4 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FF73E543531,?,?,00000000,00007FF73E5435E6), ref: 00007FF73E543722
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF73E543531,?,?,00000000,00007FF73E5435E6), ref: 00007FF73E54372C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                                                  • Opcode ID: 88b317c74a730dd668bd0393c4b3fb0007d089137816eed767c9e93fc4d6791c
                                                                                                                                                                                                                  • Instruction ID: e969bc03e63eb3a9c935a105edcbdf4ee0825474c2769eb6ecb4c866a36c67fa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88b317c74a730dd668bd0393c4b3fb0007d089137816eed767c9e93fc4d6791c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B021F361B0C6A361FE50B7219CB127C92916F947A0FE40234EA6E473E5CF6CB54CAB20
                                                                                                                                                                                                                  Function 00007FF73E4C46D0 Relevance: 1.7, APIs: 1, Instructions: 224COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                  • Opcode ID: 096dcee77eda2f3f7ca7669a6516f2d7f32d62527bf79ba59a8ad680f9d958dc
                                                                                                                                                                                                                  • Instruction ID: 35d0fd92848a0498cbcb2577f8dc1217f32dbf6fc32990cf4315fbb42d1ca9f0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 096dcee77eda2f3f7ca7669a6516f2d7f32d62527bf79ba59a8ad680f9d958dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7391E732A19B8261EA20AB25F54026DB760FB49BA0F955331EBEE037C5DF3CD498D350
                                                                                                                                                                                                                  Function 00007FF73E546238 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 5f3962f41f205bf934e52e86b3367469bed72cee8df0e000c147630357eb437c
                                                                                                                                                                                                                  • Instruction ID: 50ce0351b5452542625a2fa6994c5ac41cace710a7ced2b533a507c0e2785b4f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f3962f41f205bf934e52e86b3367469bed72cee8df0e000c147630357eb437c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F41E43290E65667EA34AF15D9603B9B3A0EB55B40FA40130D68E836D0CF7DE406EFA0
                                                                                                                                                                                                                  Function 00007FF73E542460 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: dc33b1633bad180a285de19aa7163f5b009fb0dc82fe8756a026466cbc19fb6f
                                                                                                                                                                                                                  • Instruction ID: dd2110588c650f38163be34fa938a9dc2e430fda67612d62bb5fe78a1098655e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc33b1633bad180a285de19aa7163f5b009fb0dc82fe8756a026466cbc19fb6f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C131CF31A18636A5F7557B558C613BCA690AB80B90FE10235E91D033D2DF7CE449AB30
                                                                                                                                                                                                                  Function 00007FF73E533CDC Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: f27999df5cdaf2c8765b20d20a9e465915d1960b7f58dee7a989f84cf68f02e2
                                                                                                                                                                                                                  • Instruction ID: 428d7b71b34043b5ba6aaad199da64cdc8218036d621017133be87f208ee83fb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f27999df5cdaf2c8765b20d20a9e465915d1960b7f58dee7a989f84cf68f02e2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9621C97190C28B60FA26BE166C607B5D5805F607D0F9C4534EF6A067D5CE3EF48AB634
                                                                                                                                                                                                                  Function 00007FF73E52E054 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 5c94e322b43b8bda7df2792a88fe34d8427e353a548ba64a41eb6cdd7acc6dad
                                                                                                                                                                                                                  • Instruction ID: 23d8acf95b289f45a4043302f302b29782a5de1cb490b0265e232e22041e27c5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c94e322b43b8bda7df2792a88fe34d8427e353a548ba64a41eb6cdd7acc6dad
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5811D521A1C646D1FA61BF519C202BDF3A0AF84B84FD44031EE4C8778ADF3DE4096B28
                                                                                                                                                                                                                  Function 00007FF73E54E618 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 9eacb3c40ffc53946e845e12b701a15a2bffe5a5c61a019d92c0635d2aa08ecf
                                                                                                                                                                                                                  • Instruction ID: 9614ffc5970807938a4cf6e94d3d8d8a861fa0de3d7aa8ef4e50a02760ee56e7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9eacb3c40ffc53946e845e12b701a15a2bffe5a5c61a019d92c0635d2aa08ecf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07210B32A0864297D761AF28E860379B3A0FB84B54FB40334EA5D4B6D9DF3CD4089F10
                                                                                                                                                                                                                  Function 00007FFE004F25B0 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                                                                                  • Opcode ID: 486949add4197947b99c4c3f738c81a575d6b322f84288897b87d3ca4264b666
                                                                                                                                                                                                                  • Instruction ID: 14cc7c5dd3f684aaa67d09cc15281d25a5c4f6e763d85c20b47fd74d8b53f815
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 486949add4197947b99c4c3f738c81a575d6b322f84288897b87d3ca4264b666
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 460192A3F149445AF7215A20E9563EC2760E7647B8F450631DF6D163D6F93CA5874304
                                                                                                                                                                                                                  Function 00007FFE00529CF4 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 0d86cf1795183f85f7025a1c7e2c322bb73239a4cc3b6c2eb14d661c0ec13575
                                                                                                                                                                                                                  • Instruction ID: 9dbed806e7b178ae531e2238384fe02d6ca26fbad47e78f47ead5970f22a3afa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d86cf1795183f85f7025a1c7e2c322bb73239a4cc3b6c2eb14d661c0ec13575
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50118C7A91C64286F3309B94E8801A963A5FF92740F490434EB9D47BBACF3CE810DB50
                                                                                                                                                                                                                  Function 00007FFE004B7C30 Relevance: 1.5, APIs: 1, Instructions: 46networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                                                                                  • Opcode ID: 1844c2fc0ff523a5cdf43d77068fa1a419dd91a8f455b2071e1dd6990591cec0
                                                                                                                                                                                                                  • Instruction ID: 2daf52209035aac4c179527b72d71151659ae344629d86d769705e1aa2ce8ebb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1844c2fc0ff523a5cdf43d77068fa1a419dd91a8f455b2071e1dd6990591cec0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13115432B0968182D7548F26E18426D77A1FB88BA4F188634DB6D477ADCF38E891C744
                                                                                                                                                                                                                  Function 00007FFE004B7B10 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: closesocket
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2781271927-0
                                                                                                                                                                                                                  • Opcode ID: 9a3d6d62cc89de047fb686503a894f6f7922804581d35f21370fb20fc2b3fbb9
                                                                                                                                                                                                                  • Instruction ID: cc0ed68e836b24972df769319738f611f22d5a61005803c9ec14d3de14691abc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a3d6d62cc89de047fb686503a894f6f7922804581d35f21370fb20fc2b3fbb9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75016761B5CA8642EA549B27B44426E5351FF8CFC4F586431EF0E8BB6DCE3CE4A18B44
                                                                                                                                                                                                                  Function 00007FFE0052AE04 Relevance: 1.5, APIs: 1, Instructions: 38memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FFE0052994C: HeapAlloc.KERNEL32(?,?,00000000,00007FFE0052630C,?,?,?,?,00000000,?,?,?,?,00000000,00000000,00007FFE005261C2), ref: 00007FFE0052998A
                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL ref: 00007FFE0052AE71
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2177240990-0
                                                                                                                                                                                                                  • Opcode ID: 87e1afcd09739822f7b7c035f2385613c63f2b6162e7d1a18cb763cec18d3d4f
                                                                                                                                                                                                                  • Instruction ID: e22b7742fe93d948ac68f659d69800e0bd702245189861a6ef8825bd81749744
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87e1afcd09739822f7b7c035f2385613c63f2b6162e7d1a18cb763cec18d3d4f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F801A410E0C20346FE74ABF1654027942985FA7BE0F194630DF2D463FEEE2CE8424212
                                                                                                                                                                                                                  Function 00007FF73E4FF954 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF73E4FF968
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E528E60: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF73E528E68
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E528E60: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF73E528E6D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1208906642-0
                                                                                                                                                                                                                  • Opcode ID: 8f62cd1aeb38513286bfb68b3e3deef0c3e820dcc6aac5e650b304c87196235c
                                                                                                                                                                                                                  • Instruction ID: 12d1fdc0bf4e9b7336d735fa838816ee9316df9383576888c4b7d9bb984e8668
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f62cd1aeb38513286bfb68b3e3deef0c3e820dcc6aac5e650b304c87196235c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64E0B652D0E34376FEA836A00962BB9D3411F2AB45EC10478E85D621839E1E294F7672
                                                                                                                                                                                                                  Function 00007FFE00511E24 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE00511E38
                                                                                                                                                                                                                    • Part of subcall function 00007FFE005129D0: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FFE005129D8
                                                                                                                                                                                                                    • Part of subcall function 00007FFE005129D0: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FFE005129DD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1208906642-0
                                                                                                                                                                                                                  • Opcode ID: 82a413906570ba0350b15d2309fd442639b4d3f655f90adb5fd7b1a06d9ea194
                                                                                                                                                                                                                  • Instruction ID: 9937e03a65ed546afb034307e03912d49cc31ee5fca326635ab7f175ce2b30a0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82a413906570ba0350b15d2309fd442639b4d3f655f90adb5fd7b1a06d9ea194
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACE0EC18D0CA4340FEB826A010122F91B4A1F22345F9416F9DF0D427FB9E0D74571126
                                                                                                                                                                                                                  Function 00007FFE004E60A0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ioctlsocket
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3577187118-0
                                                                                                                                                                                                                  • Opcode ID: e7c995c120f1ddd240695d289affc4048fa26cab1e93b6fd2d3e0d8dc4a1aa18
                                                                                                                                                                                                                  • Instruction ID: 8a79a4260e35e640fd72d5ffd82210ff1a58b18ac3f73187a7b80e5753cbfc0c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7c995c120f1ddd240695d289affc4048fa26cab1e93b6fd2d3e0d8dc4a1aa18
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74C08067F14585C7C3489F6154850876771BBC4204F956435D20B81338EE3CC2A58B44
                                                                                                                                                                                                                  Function 00007FF73E544D18 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF73E541E52,?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E544D6D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  • Opcode ID: aa80e2d5bca837c4ca80e7f016ea2ec7c2a30a2d36a04a00b530b430b992e99d
                                                                                                                                                                                                                  • Instruction ID: 774593142ed3e88e36771dbc0ee30106dc36c4bff4f696099e7041dacadf0f89
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa80e2d5bca837c4ca80e7f016ea2ec7c2a30a2d36a04a00b530b430b992e99d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDF09068B49617A1FE587BA29C713B5D2905F85B81FEC5430DC0E863D2DE2CE5886730
                                                                                                                                                                                                                  Function 00007FFE00528778 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FFE00527F32,?,?,00000000,00007FFE0051D1B9,?,?,?,?,00007FFE0051DCF6,?,?,00000000), ref: 00007FFE005287CD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  • Opcode ID: 4ab267b4b7ac92a625d9aaadf0847179b0aaf97d3c0869a7247d2a29b1b9f390
                                                                                                                                                                                                                  • Instruction ID: 2ca3768289492644a3c3b1965aea6f72cdbd96867537792acde78da885c8ec5e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ab267b4b7ac92a625d9aaadf0847179b0aaf97d3c0869a7247d2a29b1b9f390
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADF09055B0A30780FE7457E258603B65291AFAAB80F2C4430CB0E867FADE2DE4918310
                                                                                                                                                                                                                  Function 00007FF73E5437C8 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF73E53C842,00000000,00000000,00000000,?,?,00007FF73E53CBA8), ref: 00007FF73E543806
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  • Opcode ID: 8d56ea1f894de1ecc8f4d6d8c0e7b5f788bd0144603f261c0134e684b60f3540
                                                                                                                                                                                                                  • Instruction ID: 8f277c69915a99dca44be4f1de780c5d0f291866e74a8c31ca7ff65d12110814
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d56ea1f894de1ecc8f4d6d8c0e7b5f788bd0144603f261c0134e684b60f3540
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DF05E60E0D21664FE6436A19C61379D1905F94760FD84230DC2E862D1DE6CB5886B30
                                                                                                                                                                                                                  Function 00007FFE0052994C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FFE0052630C,?,?,?,?,00000000,?,?,?,?,00000000,00000000,00007FFE005261C2), ref: 00007FFE0052998A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                  • Opcode ID: 393412dd1a63f565070658576a3aa2998f04b2860c8843bbb7ef1e1885d45cb1
                                                                                                                                                                                                                  • Instruction ID: b850f9047e1b363140babfbfd25f532e9306bdce4dacacef41a706fcc1af5edc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 393412dd1a63f565070658576a3aa2998f04b2860c8843bbb7ef1e1885d45cb1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AF01551F0D34749FE7467F258917B512908FAA7B0F181A38DF2E863FADE2CA4C18221

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 00007FF73E523BCB Relevance: 50.0, APIs: 33, Instructions: 485COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getcoll
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2318601406-0
                                                                                                                                                                                                                  • Opcode ID: fbabb50982e4697d40b9808deb39b35f532d38335227e22e9a36e195b002ccbb
                                                                                                                                                                                                                  • Instruction ID: 4e29750caa9afe038f8b21be00d69ea05f2ff6ec8348e8b3abfd807337e1b435
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbabb50982e4697d40b9808deb39b35f532d38335227e22e9a36e195b002ccbb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94223021E09A0665FB95BB11DC602B8B3A0AF58B80FC45435E90E97795EF3CF95DE320
                                                                                                                                                                                                                  Function 00007FFE0050A140 Relevance: 30.0, APIs: 4, Strings: 13, Instructions: 240encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Cert$CertificateContextCryptDecodeExtensionFindFreeNameObjectString
                                                                                                                                                                                                                  • String ID: 2.5.29.17$schannel: CertFindExtension() returned no extension.$schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names$schannel: CertGetNameString() returned certificate name information of unexpected size$schannel: CertGetNameString() returned no certificate name information$schannel: CryptDecodeObjectEx() returned no alternate name information.$schannel: Empty DNS name.$schannel: Failed to read remote certificate context: %s$schannel: Null certificate context.$schannel: Null certificate info.$schannel: connection hostname (%s) did not match against certificate name (%s)$schannel: connection hostname (%s) validated against certificate name (%s)$schannel: server certificate name verification failed
                                                                                                                                                                                                                  • API String ID: 1682959454-2028687885
                                                                                                                                                                                                                  • Opcode ID: 67cd8afd2801cc177c137f8c6b125914eb3d3e4d57a05af33078e4ebbc3c0fb2
                                                                                                                                                                                                                  • Instruction ID: ed7b37b583cd52f1b675b396b2cfd8e758839d6732d08de0b2ea34da20585bf5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67cd8afd2801cc177c137f8c6b125914eb3d3e4d57a05af33078e4ebbc3c0fb2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84B17976A0CB8285EA708B91E4802BD63A1FB89BE4F444631DF5E077A9DF7CE645C701
                                                                                                                                                                                                                  Function 00007FFE0050A560 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 169encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CertCertificateContext$CryptErrorFreeLastObjectQueryStore
                                                                                                                                                                                                                  • String ID: -----END CERTIFICATE-----$-----BEGIN CERTIFICATE-----$schannel: CA file '%s' is not correctly formatted$schannel: added %d certificate(s) from CA file '%s'$schannel: did not add any certificates from CA file '%s'$schannel: failed to add certificate from CA file '%s' to certificate store: %s$schannel: failed to extract certificate from CA file '%s': %s$schannel: unexpected content type '%d' when extracting certificate from CA file '%s'
                                                                                                                                                                                                                  • API String ID: 854292303-665156428
                                                                                                                                                                                                                  • Opcode ID: 485f857b51ff44c52eaaab1783300844672a2e02521d620ff21519ef252556d9
                                                                                                                                                                                                                  • Instruction ID: a17daa74d7ce0963ab1e3069623480ec5eb17d98cb1934a82798bb7dcc22d3cf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 485f857b51ff44c52eaaab1783300844672a2e02521d620ff21519ef252556d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A561AC75A0CB8681EA718B65E8003BE23A1FB49B84F485031DF4D4BBADDE7CE245CB01
                                                                                                                                                                                                                  Function 00007FF73E4F23D0 Relevance: 16.6, APIs: 11, Instructions: 114COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$Create$Event$Semaphore$CriticalInitializeSection
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1538624819-0
                                                                                                                                                                                                                  • Opcode ID: f4e7f57e4cbee41f879734b2b348bffdff7d02d41a0f7ef45d52e417f0f40e04
                                                                                                                                                                                                                  • Instruction ID: f217f0557f28a451896ce52685391447052528465ac3e5535bcfdcfe05b20358
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4e7f57e4cbee41f879734b2b348bffdff7d02d41a0f7ef45d52e417f0f40e04
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0341C231B06B1396FF58AB35A83077AB2D0AF98B45F844038EE0E82690FF3CD4495624
                                                                                                                                                                                                                  Function 00007FFE004DC2E0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 77encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Crypt$Hash$Context$ParamRelease$AcquireCreateDataDestroy
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 1945989244-2766056989
                                                                                                                                                                                                                  • Opcode ID: 8bffde0327471f72c718202a9c000e6b5d39d7cf87d66346257744c8e778034f
                                                                                                                                                                                                                  • Instruction ID: d0854e177865a96a9f08a8332d1afdee3e4818f1f41f4e7c78811898cd35520f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bffde0327471f72c718202a9c000e6b5d39d7cf87d66346257744c8e778034f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9317E32A1CA8686E7748F61E49466A7761FBC8B84F445035EB8E47B28DF3CD405CF04
                                                                                                                                                                                                                  Function 00007FFE004BF3B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Crypt$Context$Release$AcquireDestroyEncryptImport
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 3016261861-2766056989
                                                                                                                                                                                                                  • Opcode ID: 75266519f0140f6053515bcc244f0ee1dc024835d3a9279e8c7f1a7fab014e01
                                                                                                                                                                                                                  • Instruction ID: 5bb4717f94fb16b3f74dd6754dec0ffcf38460085f78d7ec2e0519bbd62d62f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75266519f0140f6053515bcc244f0ee1dc024835d3a9279e8c7f1a7fab014e01
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B41AD62A086A08EF7208BB5E4543EE3BB0F74A348F044065DF9D57B5ACB3CC11ADB50
                                                                                                                                                                                                                  Function 00007FF73E54BB6C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                  • API String ID: 3069159798-905460609
                                                                                                                                                                                                                  • Opcode ID: b74b59227e8124139c621df5596f9e9f4cfa116d9a338149a168b00f08bf551e
                                                                                                                                                                                                                  • Instruction ID: f537a1bd0287f7d531a4c48b5d19e868a47da5e68ddc2a61faddf34cd44c50b8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b74b59227e8124139c621df5596f9e9f4cfa116d9a338149a168b00f08bf551e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7391D132A08762A1E7A4BF2198606B9B3A4EF44B80FA44131DA4D47785DF3DE559EB20
                                                                                                                                                                                                                  Function 00007FF73E54C5B4 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2591520935-0
                                                                                                                                                                                                                  • Opcode ID: ce65242d796647e5033c9764a01df453fa8f9b5600c489b1c1b9be6dd0ba0de7
                                                                                                                                                                                                                  • Instruction ID: b87d59118ffa90b3c81408aacbcd2b07e7143ce80b2cd3f2494071e6c0bf422d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce65242d796647e5033c9764a01df453fa8f9b5600c489b1c1b9be6dd0ba0de7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD717F62F04622A6FB50AB64DC606BDB3B0BF84744FA48035CA0D536D5EF3CE449EB60
                                                                                                                                                                                                                  Function 00007FF73E50034C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                                  • Opcode ID: 415edbc11fb37de836cb0b17485eae06bb2039fab1cbce98792d0ab60ec25480
                                                                                                                                                                                                                  • Instruction ID: edfbaad48c237f70f243a1d29db907c622542059b7d8327e0894b3a9675e615e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 415edbc11fb37de836cb0b17485eae06bb2039fab1cbce98792d0ab60ec25480
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37313272609B819AEB609F60E8503EDB364FB84754F444439EA4E47B94EF78D54CD720
                                                                                                                                                                                                                  Function 00007FF73E5474F8 Relevance: 9.3, APIs: 6, Instructions: 335timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF73E54753D
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E547384: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73E547398
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E5434A4: RtlFreeHeap.NTDLL ref: 00007FF73E5434BA
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E5434A4: GetLastError.KERNEL32 ref: 00007FF73E5434C4
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E538708: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF73E5386B7,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E538711
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E538708: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF73E5386B7,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E538736
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E539C14: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73E539B57
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF73E54752C
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E5473E4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF73E5473F8
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF73E5477A2
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF73E5477B3
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF73E5477C4
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF73E547A04), ref: 00007FF73E5477EB
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4070488512-0
                                                                                                                                                                                                                  • Opcode ID: c2726176dbcb29ed724229481ed31d4739d636d459c6d7b4846ec10777b721ea
                                                                                                                                                                                                                  • Instruction ID: d8eb8a8bc6e99fbcbd3fab8a64f033cdadfdb13bd084ef6465917ff197417bbe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2726176dbcb29ed724229481ed31d4739d636d459c6d7b4846ec10777b721ea
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2D1B322A08262A6E720FF25DC601B9A7A1FF84784FD08035EA0D47795DF3CE459EB60
                                                                                                                                                                                                                  Function 00007FFE00531870 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FFE005318B5
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00531208: _invalid_parameter_noinfo.LIBCMT ref: 00007FFE0053121C
                                                                                                                                                                                                                    • Part of subcall function 00007FFE005273D0: RtlFreeHeap.NTDLL(?,?,?,00007FFE005305FE,?,?,?,00007FFE0053063B,?,?,00000000,00007FFE00530281,?,?,?,00007FFE005301B3), ref: 00007FFE005273E6
                                                                                                                                                                                                                    • Part of subcall function 00007FFE005273D0: GetLastError.KERNEL32(?,?,?,00007FFE005305FE,?,?,?,00007FFE0053063B,?,?,00000000,00007FFE00530281,?,?,?,00007FFE005301B3), ref: 00007FFE005273F0
                                                                                                                                                                                                                    • Part of subcall function 00007FFE005277B0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FFE0052778F,?,?,?,?,00000000,00007FFE0052767A), ref: 00007FFE005277B9
                                                                                                                                                                                                                    • Part of subcall function 00007FFE005277B0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FFE0052778F,?,?,?,?,00000000,00007FFE0052767A), ref: 00007FFE005277DE
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00533FB8: _invalid_parameter_noinfo.LIBCMT ref: 00007FFE00533F03
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FFE005318A4
                                                                                                                                                                                                                    • Part of subcall function 00007FFE00531268: _invalid_parameter_noinfo.LIBCMT ref: 00007FFE0053127C
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FFE00531B1A
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FFE00531B2B
                                                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FFE00531B3C
                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FFE00531D7C), ref: 00007FFE00531B63
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4070488512-0
                                                                                                                                                                                                                  • Opcode ID: 2adf3a4980661d1262db150b1b7e6f230adf9fee598862818c624a8e9128255e
                                                                                                                                                                                                                  • Instruction ID: 35ec2bd31cf3cd4f1f274df680a4f03d46069509170698910bc7a593c42665ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2adf3a4980661d1262db150b1b7e6f230adf9fee598862818c624a8e9128255e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BD1D126A18A428AEB30EF36D8501B967A1FF88794F449136EB4D47BADDF3CE441C744
                                                                                                                                                                                                                  Function 00007FF73E4C9570 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 415COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID: <?xml$encoding$standalone$version
                                                                                                                                                                                                                  • API String ID: 3668304517-3104461930
                                                                                                                                                                                                                  • Opcode ID: 36b52e651fc607acc61f5c60885fc17f2074091fcdc9b6f819bcce824e6ee358
                                                                                                                                                                                                                  • Instruction ID: e0cafb344849fc7efa91da3052976940ce5d23ea91421060602006c967105592
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36b52e651fc607acc61f5c60885fc17f2074091fcdc9b6f819bcce824e6ee358
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C902E762E0868375FB51AB2494503BCA7A0AF497A4F865231FBED077D5DE2CE4C9D320
                                                                                                                                                                                                                  Function 00007FF73E5383EC Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                  • Opcode ID: 563fbf7d67aed772d1ac93c1f2212d7526e38f27c612dd47cb9f6f3ba137ffeb
                                                                                                                                                                                                                  • Instruction ID: b03c67397a8a59908ebfbc513086d5ffbe899aaaa24ec19723ba571c6e996aa3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 563fbf7d67aed772d1ac93c1f2212d7526e38f27c612dd47cb9f6f3ba137ffeb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32316F72618B8196DB64DF25E8503EEB3A0FB88754F900535EA8E43B99EF3CD549CB10
                                                                                                                                                                                                                  Function 00007FFE005274C4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                  • Opcode ID: cc507a3cd4e27b1c2c92fe97bcf158f2bc8a2512d2862022ab578c7b6b848634
                                                                                                                                                                                                                  • Instruction ID: 29dde9726ab5eb07324fa521be7b39a9cbfe04e6ad20756635cfbeabe39e7541
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc507a3cd4e27b1c2c92fe97bcf158f2bc8a2512d2862022ab578c7b6b848634
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E315C36A08F858ADB70CB25E8402EE73A1FB89794F500535EB9D43BA8EF3CD1458B00
                                                                                                                                                                                                                  Function 00007FF73E506394 Relevance: 7.9, APIs: 5, Instructions: 430COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 93898633-0
                                                                                                                                                                                                                  • Opcode ID: d297b2f861fb73f1fca8018ff14dd33619931bcace1328644e2fb28dee03e945
                                                                                                                                                                                                                  • Instruction ID: 6c4c3238a43816e9a634b364999e31986977867735c3635a2fce41861bc39ecd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d297b2f861fb73f1fca8018ff14dd33619931bcace1328644e2fb28dee03e945
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50023862F19A899AFB109B64D8603FDA361AF487D4F804331EE5C17B99EE3CD549D310
                                                                                                                                                                                                                  Function 00007FF73E51EA28 Relevance: 7.9, APIs: 5, Instructions: 426COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 93898633-0
                                                                                                                                                                                                                  • Opcode ID: cc8c43bda32be00b326f32bf2538385ff2e6d54abd1203ba7c644a828bae8d15
                                                                                                                                                                                                                  • Instruction ID: 0ccb9f7bf7d3f0cbd77e833d54b005c710b21890e97924446f6683d0e326251a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc8c43bda32be00b326f32bf2538385ff2e6d54abd1203ba7c644a828bae8d15
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DF11562F18A849AFB10AB65DC603FDA361AF587D8F804335EE5C17B99EE2CD149D310
                                                                                                                                                                                                                  Function 00007FF73E51F6AC Relevance: 7.9, APIs: 5, Instructions: 426COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf$_invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 93898633-0
                                                                                                                                                                                                                  • Opcode ID: 3259be5abe0d5c446784649c4ed8f35c66c673092111bbd7bc90825af1c85f09
                                                                                                                                                                                                                  • Instruction ID: 630ed9bcf7945c36b8231070dc0e00fb914fc81f6579d809fb9dde2279918e96
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3259be5abe0d5c446784649c4ed8f35c66c673092111bbd7bc90825af1c85f09
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CF12662F18A459AFB10AB65D8203FDA361AF587D4F804331ED5C67B99EE3CD149D320
                                                                                                                                                                                                                  Function 00007FFE004DC410 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Crypt$Context$AcquireCreateHashRelease
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 4045725610-2766056989
                                                                                                                                                                                                                  • Opcode ID: 3a129e56e9addd2bcf03be2df3e8b2ea40707e20ebed46fbf8c9f53268c9ecf4
                                                                                                                                                                                                                  • Instruction ID: e1f4faa7a75107f862e9b4e9e2bc0b1a73468fb2fd73605e921d68d4a8bb35cd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a129e56e9addd2bcf03be2df3e8b2ea40707e20ebed46fbf8c9f53268c9ecf4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19F096A6F1461683F7304B31E8457666390EB98B48F444030CF8C46768DF3CC0918B04
                                                                                                                                                                                                                  Function 00007FF73E547774 Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3458911817-0
                                                                                                                                                                                                                  • Opcode ID: b332f2b434b7a7a3d168b15ae48663da4e7c06e9571483456e68b2b23eb0fb00
                                                                                                                                                                                                                  • Instruction ID: 88634909d930ec44315cfdbf9aa0be4d2a5acf79c92ed921293e58e9e14a0880
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b332f2b434b7a7a3d168b15ae48663da4e7c06e9571483456e68b2b23eb0fb00
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A519E32A18652A6E710FF21DCA05A9E760FF88784F904135EA0D43796DF3CE518EB60
                                                                                                                                                                                                                  Function 00007FFE004DC4A0 Relevance: 6.0, APIs: 4, Instructions: 33encryptionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Crypt$Hash$Param$ContextDestroyRelease
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2110207923-0
                                                                                                                                                                                                                  • Opcode ID: 813bad1ed8e962263623547beaed7f974e2ba053855a4b379329ebd042f5e291
                                                                                                                                                                                                                  • Instruction ID: 4280fbc495a9d72ea27d1b191ca4177c2a10028103408a527fd7e772e8fe76df
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 813bad1ed8e962263623547beaed7f974e2ba053855a4b379329ebd042f5e291
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E011E76A0864586EB24CF65E59876AB770FB88B88F144136DB4906B78CF3DD449CB40
                                                                                                                                                                                                                  Function 00007FF73E4FFEA8 Relevance: 4.5, APIs: 3, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?,?,00000001,00007FF73E4FFFA9,?,?,?,?,?,?,00007FF73E53852F), ref: 00007FF73E4FFEB3
                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,00000001,00007FF73E4FFFA9,?,?,?,?,?,?,00007FF73E53852F), ref: 00007FF73E4FFEBC
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,00000001,00007FF73E4FFFA9,?,?,?,?,?,?,00007FF73E53852F), ref: 00007FF73E4FFEC2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CurrentProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1249254920-0
                                                                                                                                                                                                                  • Opcode ID: d06157b6dcfcd129492b735940f1b62751f65dc9730b86f28f38d44a3d486a1d
                                                                                                                                                                                                                  • Instruction ID: 3ee1d0ef6d7fe0eef44e16e04a872c73371aca767db44f584df2ca2fe9a0d768
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d06157b6dcfcd129492b735940f1b62751f65dc9730b86f28f38d44a3d486a1d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4ED0C9E1E2990696FB283B62AC350359222EF5CF41F442834FA0B463A0DFBC948D9360
                                                                                                                                                                                                                  Function 00007FF73E546970 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                  • Opcode ID: d59fee0c66f67023ba91426af997dad5027048e96b5e869348eca7800524b03a
                                                                                                                                                                                                                  • Instruction ID: 02ef42102049dd8909ddbde4c9bbd977063c60c3b4e35b28a8410f56bfe35b8a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d59fee0c66f67023ba91426af997dad5027048e96b5e869348eca7800524b03a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D01DB61B08755E5EB00AB56FC501A6E3A0FF88BD0F944036EE4E03B95CE7CD5499790
                                                                                                                                                                                                                  Function 00007FFE004F0430 Relevance: 3.0, APIs: 2, Instructions: 36networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentProcesshtons
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2530476045-0
                                                                                                                                                                                                                  • Opcode ID: 15180718763356d48dbe7da67e54b751488fbe65f0e6c01cd4323707dc2cab60
                                                                                                                                                                                                                  • Instruction ID: 8a3ddc529177672ea2df19c191c570395ecdd4c9ef472541c1aa68ac238dee03
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15180718763356d48dbe7da67e54b751488fbe65f0e6c01cd4323707dc2cab60
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB015E669247D0DAD314CF35E5001AE77B0FB58B48B04D62AFB9987B29EB38D6E0C744
                                                                                                                                                                                                                  Function 00007FF73E54BEC8 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E541C78: GetLastError.KERNEL32 ref: 00007FF73E541C87
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E541C78: FlsGetValue.KERNEL32 ref: 00007FF73E541C9C
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E541C78: SetLastError.KERNEL32 ref: 00007FF73E541D27
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF73E54C6B7,?,00000000,00000092,?,?,00000000,?,00007FF73E53C439), ref: 00007FF73E54BF66
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3029459697-0
                                                                                                                                                                                                                  • Opcode ID: 09bccea211c5a866ffa8cc85e6d8acf03ef040590420397e8598bd82a34f543a
                                                                                                                                                                                                                  • Instruction ID: 4cf2be32a3715e3f4c2916737266d83ce0f0589c8ce457c5f86cbda3835a89e4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09bccea211c5a866ffa8cc85e6d8acf03ef040590420397e8598bd82a34f543a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B112473E08601AAEB54AF15D8902ACB7A0FB90BE0F948131D62E433C0CE38D6D9DF50
                                                                                                                                                                                                                  Function 00007FF73E54BF98 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E541C78: GetLastError.KERNEL32 ref: 00007FF73E541C87
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E541C78: FlsGetValue.KERNEL32 ref: 00007FF73E541C9C
                                                                                                                                                                                                                    • Part of subcall function 00007FF73E541C78: SetLastError.KERNEL32 ref: 00007FF73E541D27
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF73E54C673,?,00000000,00000092,?,?,00000000,?,00007FF73E53C439), ref: 00007FF73E54C016
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3029459697-0
                                                                                                                                                                                                                  • Opcode ID: 589a1f106ded9f09188a43b6ce4934955b4cdc0d3092af6e0a0ead10483e9e20
                                                                                                                                                                                                                  • Instruction ID: 90d0158b0968df42a4b401b2c3e02c16ff4fd23969dc65d5804aeadc45fa327d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 589a1f106ded9f09188a43b6ce4934955b4cdc0d3092af6e0a0ead10483e9e20
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2001F572E0C29296EB516B16E8507B9B2A1EB807A4F958232D26D032C4CF789489AB10
                                                                                                                                                                                                                  Function 00007FF73E5463D8 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF73E54687F,?,?,?,?,?,?,?,?,00000000,00007FF73E54B518), ref: 00007FF73E546427
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                                  • Opcode ID: 88c58e0c59e3d2798281ee09a98b5a07a88ba37911fc628544a8a7ac21b8094d
                                                                                                                                                                                                                  • Instruction ID: 9d4f0c087d416a4d56fd4ee28ac9e5cc9a421a698f77f05d3de9424109c24fa5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88c58e0c59e3d2798281ee09a98b5a07a88ba37911fc628544a8a7ac21b8094d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AF08CB2B18B41D2E700EB29ECA02A9A375FB89780F948035EA1D83364CF3CD568D350
                                                                                                                                                                                                                  Function 00007FF73E5273D0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                  • Opcode ID: 82d677a51ae78a0753265f58c38da17711e42556778f21d5528090415d723133
                                                                                                                                                                                                                  • Instruction ID: 47f0ff7874314d70179016776abd966577bcbd6c6f160cdea9a1feba5db8a798
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82d677a51ae78a0753265f58c38da17711e42556778f21d5528090415d723133
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33F0A072D2C046A3E3A9BA18D878739AA70FB40300FC10532E94F826D0CE1CD559E7A1
                                                                                                                                                                                                                  Function 00007FFE0052F6EC Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                                  • Opcode ID: 69d37ac74d78568a54738cddb7e56479ac8c3faad1b54e68bc6228c715a591ea
                                                                                                                                                                                                                  • Instruction ID: 9915fc8002331be370eec5aa97f069068fda31e6d623589c056d2c2d9a276458
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69d37ac74d78568a54738cddb7e56479ac8c3faad1b54e68bc6228c715a591ea
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2B01224F0BB0BC6FA392B216C8221522A47F4C701FA54078D22D41338DF3C20F54710
                                                                                                                                                                                                                  Function 00007FFE004DC490 Relevance: .0, Instructions: 3COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 9987caef666dd58d03dbeb6dc7c6505f1515d23fe1c89f48918fd4cb4a19e935
                                                                                                                                                                                                                  • Instruction ID: a0bfe946d5b99c8febdd5dbe7e6a828e13c84c6bcbfd9303875375d124496483
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9987caef666dd58d03dbeb6dc7c6505f1515d23fe1c89f48918fd4cb4a19e935
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BA011A2A0A80E80A2208B00E2A0E202220FB88B8830080208A0C028208E2880028200
                                                                                                                                                                                                                  Function 00007FF73E50052C Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 3894da93014a0781c546b904c8de7f8c554dd63feb2aba4efcb254fee2994e31
                                                                                                                                                                                                                  • Instruction ID: c7d9b418a209077537a587b3d0ff8a45a4a5ced3630ed4bed50f09c1935df105
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3894da93014a0781c546b904c8de7f8c554dd63feb2aba4efcb254fee2994e31
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EA0026290CC02F0E614AB00FC70530A730EB50300BC04931F00E594B0AF7CE848E771
                                                                                                                                                                                                                  Function 00007FFE004DB370 Relevance: 75.7, APIs: 29, Strings: 14, Instructions: 486COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: #211$#217
                                                                                                                                                                                                                  • String ID: ;binary$Bad LDAP URL: %s$DN: $LDAP local: %s$LDAP local: Cannot connect to %s:%u$LDAP local: LDAP Vendor = %s ; LDAP Version = %d$LDAP local: bind via ldap_win_bind %s$LDAP local: explicit TLS not supported$LDAP local: trying to establish %s connection$LDAP remote: %s$Microsoft Corporation.$There are more than %d entries$cleartext$encrypted
                                                                                                                                                                                                                  • API String ID: 2221317745-3957863006
                                                                                                                                                                                                                  • Opcode ID: 1ea833b3db840e25ecb31b033a4d5b1e0ece7054d4c5fda8d3ab5d30bbfb3944
                                                                                                                                                                                                                  • Instruction ID: e15c7437b02d45cf35824fe59cb34d0a4e8028342335bdb0654efa30f751aa65
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ea833b3db840e25ecb31b033a4d5b1e0ece7054d4c5fda8d3ab5d30bbfb3944
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB226B76F09B46CAEB20DB62A4502B927A1FB49B88F014432DF4E577ADDF3CE5058384
                                                                                                                                                                                                                  Function 00007FF73E4D84F0 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 383COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: GUP$It's not a valid GUP xml.$Location$Location is missed.$Location node is missed.$NeedToBeUpdated$NeedToBeUpdated is missed.$NeedToBeUpdated node is missed.$NeedToBeUpdated value is incorrect (only "yes" or "no" is allowed).$Version$yes
                                                                                                                                                                                                                  • API String ID: 1283921372-3597628493
                                                                                                                                                                                                                  • Opcode ID: 8cd1ff5fd37cacb4cb60fdc344d10ff6ea14a0c1297d2f4d387bd2a8d8efffb6
                                                                                                                                                                                                                  • Instruction ID: 13b732cb184cc0b81b3724ee8c70f3e18559593254b13e90e1400eb34d68659b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cd1ff5fd37cacb4cb60fdc344d10ff6ea14a0c1297d2f4d387bd2a8d8efffb6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CF1B462E1964771EE44AB24D8502FEE361EF8D784FD15132E65C076A6EF2CE588E320
                                                                                                                                                                                                                  Function 00007FFE00504430 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 155libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConditionMask$InfoVerifyVersion$AddressHandleModuleProc
                                                                                                                                                                                                                  • String ID: HTTP$RtlVerifyVersionInfo$ntdll
                                                                                                                                                                                                                  • API String ID: 574519269-1320951699
                                                                                                                                                                                                                  • Opcode ID: b9a4aca4df3bd9c618c93e48c6f60faf1feaf6b682dc974b0ae765736962df96
                                                                                                                                                                                                                  • Instruction ID: 7159098a5a2a42a887101a1259d0a677b8ae695e7a8cfc4ca61c81eb652985db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9a4aca4df3bd9c618c93e48c6f60faf1feaf6b682dc974b0ae765736962df96
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2151D0B1E0D68686EA749BA1A815BBE63A0BF46745F440135EF4E077BCDF3DE6009B00
                                                                                                                                                                                                                  Function 00007FF73E4F22A0 Relevance: 24.1, APIs: 16, Instructions: 87synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CloseHandle$ObjectSingleWait$CriticalReleaseSectionSemaphore$DeleteEventLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3711601976-0
                                                                                                                                                                                                                  • Opcode ID: e787d463946e19591d84f4c5ed6c185dece9f1c51b1b39d0130e6fdfd2e50d0d
                                                                                                                                                                                                                  • Instruction ID: 53b0a09278ce37d9948ab467680048a6bea2de7526dd39554e8a1cb226a4b5ca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e787d463946e19591d84f4c5ed6c185dece9f1c51b1b39d0130e6fdfd2e50d0d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF4131A1A0AA03E6FB54AF71E850138F3A4EF58F44B960135E91E415D4DF3CE88DA624
                                                                                                                                                                                                                  Function 00007FFE0050A7E0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 156fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$CloseCreateFileHandle
                                                                                                                                                                                                                  • String ID: schannel: CA file exceeds max size of %u bytes$schannel: failed to determine size of CA file '%s': %s$schannel: failed to open CA file '%s': %s$schannel: failed to read from CA file '%s': %s$schannel: invalid path name for CA file '%s': %s
                                                                                                                                                                                                                  • API String ID: 614986841-3430970913
                                                                                                                                                                                                                  • Opcode ID: eb311f7e0ea0921952ed5b77cff78ab9b70290204aa08973216c10263d25246f
                                                                                                                                                                                                                  • Instruction ID: 286cda21f3e4b26f91a0b83f42bad8087a738decfef7fd5ca31b7889101a4333
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb311f7e0ea0921952ed5b77cff78ab9b70290204aa08973216c10263d25246f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49617F71B0C74682EB709B61E8547BA63A1FB49B84F804535EF8D437AAEF3CE6048740
                                                                                                                                                                                                                  Function 00007FFE004C1370 Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 396COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s%02x%02x$AAAA$CNAME: %s$Could not DoH-resolve: %s$DoH A: %u.%u.%u.%u$DoH AAAA: $DoH Host name: %s$DoH: %s type %s for %s$TTL: %u seconds$bad error code
                                                                                                                                                                                                                  • API String ID: 0-103626726
                                                                                                                                                                                                                  • Opcode ID: 7ca16260a6ad4e7ec0c27d4e4f8fbe9bf7f5005e6c5326627e13a6be44a0764c
                                                                                                                                                                                                                  • Instruction ID: a5685bfad4000f9e149d971cf96700db582e0954812784c96912639e609cf21d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ca16260a6ad4e7ec0c27d4e4f8fbe9bf7f5005e6c5326627e13a6be44a0764c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9002AE72A0868286EBA09F11E5807EA77A0FB86784F440136EB4E177BADF7CE545C704
                                                                                                                                                                                                                  Function 00007FFE004F8100 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 164networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastsend
                                                                                                                                                                                                                  • String ID: #$%c%.*s%c%s$%c%c$%c%c%c%c$%c%c%c%c%s%c%c$%c%s$Sending data failed (%d)
                                                                                                                                                                                                                  • API String ID: 1802528911-3289963701
                                                                                                                                                                                                                  • Opcode ID: 526a1693e872e7e7f7b5191f7476510927ba8a54d4ad65c58f91422186c852d7
                                                                                                                                                                                                                  • Instruction ID: 2df7a61e3298287c91f40b03efb2cd5d87d0e793a2ced1daf0c0939c159ae639
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 526a1693e872e7e7f7b5191f7476510927ba8a54d4ad65c58f91422186c852d7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20819172608A8285EB209F51E0447FA73A0FB44BA8F444236DF9D1BBA9DF7DD1498B44
                                                                                                                                                                                                                  Function 00007FF73E541C78 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 570795689-0
                                                                                                                                                                                                                  • Opcode ID: 187ad3e94ab79124f7301d6162132437602a47d295bc3b60e2b76fb084c9966e
                                                                                                                                                                                                                  • Instruction ID: 3e92a7898a5be9e5752ccd61b9f76ec6a24624b4a3909b46d5d8133f5f2e7b6f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 187ad3e94ab79124f7301d6162132437602a47d295bc3b60e2b76fb084c9966e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A341A060E0966621FB5877265E71179D2818F847B0FF80734ED3E0A7D6DE2CB4496B30
                                                                                                                                                                                                                  Function 00007FF73E4F20F0 Relevance: 18.1, APIs: 12, Instructions: 59synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast$Event$CriticalObjectResetSectionSingleWait$EnterLeaveReleaseSemaphore
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1401804599-0
                                                                                                                                                                                                                  • Opcode ID: 9d1ff3c623514f5c8c891cdf646da433041da26c7610586ccde2d3e5a6cf45dc
                                                                                                                                                                                                                  • Instruction ID: 795d0ffd4496a2c417da2bf6c13230648b4ff0f89426a8dab5fe200ae1e7b07b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d1ff3c623514f5c8c891cdf646da433041da26c7610586ccde2d3e5a6cf45dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50217172A09A4292E750AF31DC14229B3B0FB88F59F914131EA5E432E4DF3CE44EDB14
                                                                                                                                                                                                                  Function 00007FFE004D6400 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 374COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s: %s$Date$Host$X-%s-Date$host:%s$x-%s-date:%s
                                                                                                                                                                                                                  • API String ID: 0-2873700390
                                                                                                                                                                                                                  • Opcode ID: 2c4eebb9ab0614cdc7bbd95e7cd2002cb995592cbfd5c8f90b8fbbd134ee654f
                                                                                                                                                                                                                  • Instruction ID: dd25ad099bcb690d3cd98153560623560ce76ecfa0abd045e0e9a6c6a17d3719
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c4eebb9ab0614cdc7bbd95e7cd2002cb995592cbfd5c8f90b8fbbd134ee654f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9E1BE62A0DB8644FE61AB15A4243B967A1AF55BC4F4A4037DFCD073EEEE2CE445C308
                                                                                                                                                                                                                  Function 00007FFE004FA5B0 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 207networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: sendto$ErrorLast
                                                                                                                                                                                                                  • String ID: Received ACK for block %d, expecting %d$Timeout waiting for block %d ACK. Retries = %d$tftp_tx: giving up waiting for block %d ack$tftp_tx: internal error, event: %i
                                                                                                                                                                                                                  • API String ID: 4042023021-2715966420
                                                                                                                                                                                                                  • Opcode ID: 1b61bef60cbc7209d8a462e2ad9d6cdb391534a3cd8d84cc19f624beaa6465f9
                                                                                                                                                                                                                  • Instruction ID: 73189f1a7f345467dda455c94c0107ed606419ffe6e69b5342c031be999b8604
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b61bef60cbc7209d8a462e2ad9d6cdb391534a3cd8d84cc19f624beaa6465f9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64A18DB2A0868286EBA48F25D440AF937A0FB88F89F084035DF4D5B76CDF38E454C755
                                                                                                                                                                                                                  Function 00007FF73E4F2760 Relevance: 16.7, APIs: 11, Instructions: 187synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$EnterErrorEventLastLeaveObjectSingleWait$ReleaseSemaphore
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3678785042-0
                                                                                                                                                                                                                  • Opcode ID: 52cf2ea371375fd5d4bf3e4183d0d7f98a1a8851bb50458e6575b8ba62f6b1f3
                                                                                                                                                                                                                  • Instruction ID: 9208ff1d771b8a2b91a590a6a8e6fc62aa3d7c3dfeb44b3706d454f3e9173559
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52cf2ea371375fd5d4bf3e4183d0d7f98a1a8851bb50458e6575b8ba62f6b1f3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D81D372A15782D6D700DF35E454AACB7A5FB88F8CF418235EA5E43694DF38E889CB10
                                                                                                                                                                                                                  Function 00007FF73E534D08 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: 0$0$0
                                                                                                                                                                                                                  • API String ID: 3215553584-3137946472
                                                                                                                                                                                                                  • Opcode ID: c7b4a7ea8048b31852d4b71821b979729c2a7072c3dd78d4e8eed655efc48241
                                                                                                                                                                                                                  • Instruction ID: 1f040a10fa2ffb0bf774a0bd19c2443d7b694a6c3871e9eb4241de3310b49992
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7b4a7ea8048b31852d4b71821b979729c2a7072c3dd78d4e8eed655efc48241
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15E1093690D68765FB62AF2488B03BDA7919B51785FD89032D78C47382CE3FE45DA321
                                                                                                                                                                                                                  Function 00007FFE004F53F0 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 105COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
                                                                                                                                                                                                                  • API String ID: 1452528299-1752685260
                                                                                                                                                                                                                  • Opcode ID: a8575912e38ebb42ae5be0bc232a01fba96a7559b5285dd769a693bf6b822c1f
                                                                                                                                                                                                                  • Instruction ID: ec2e80709988761ace6fbcddfe33189504cb82fefb861faf6ae680db8ab68cfb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8575912e38ebb42ae5be0bc232a01fba96a7559b5285dd769a693bf6b822c1f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB41E171A0CA4695F730AB51A8403FA2261FF44B96F804132EB4D567BEDF3CA559C618
                                                                                                                                                                                                                  Function 00007FF73E52EC00 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                  • Opcode ID: fada521fd399d3fc714dc1429b3018461c30c230c9ef086ced79ac38ee882070
                                                                                                                                                                                                                  • Instruction ID: 89068b594f43344f8a61885efa5e5ad5f987d2467199c53c3041b1e14ca7ef53
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fada521fd399d3fc714dc1429b3018461c30c230c9ef086ced79ac38ee882070
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3412D872E0C14BA6FB247B14E8642B9F651FB90750FC84035E69AE65C4DF3CE488AB34
                                                                                                                                                                                                                  Function 00007FFE004B64D0 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 99COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s socket %qd connected: [%s:%d] -> [%s:%d]$QUIC$UDP$cf_udp_connect(), open failed -> %d$cf_udp_connect(), opened socket=%qd (%s:%d)$cf_udp_connect(), opened socket=%qd (unconnected)
                                                                                                                                                                                                                  • API String ID: 0-971666047
                                                                                                                                                                                                                  • Opcode ID: eb66ec0af96ba0e529088b22ad79f1710f7706f30a49e938fedc1f091ada8341
                                                                                                                                                                                                                  • Instruction ID: debf42ae69b625c959688d4683193cf9491c54270bf78f5b37386e8e5c195867
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb66ec0af96ba0e529088b22ad79f1710f7706f30a49e938fedc1f091ada8341
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1418F72A087869AEB648F36E5006EA77A0FB94B94F450132EF5D833A9DF3CE0558704
                                                                                                                                                                                                                  Function 00007FF73E527240 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                  • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                  • API String ID: 667068680-1247241052
                                                                                                                                                                                                                  • Opcode ID: be9c3fba1524a9831f00a64ebe1cbd2c989453b1f68fcf65fd57b8fa466c6a0e
                                                                                                                                                                                                                  • Instruction ID: 8f7a6800646dd5f9934f70136a0a754ac5c9e30a4fad7423a9f200786991d203
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be9c3fba1524a9831f00a64ebe1cbd2c989453b1f68fcf65fd57b8fa466c6a0e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27F0FEA0E19B03E1EA10AB51FC74074A3A0BF09741BD45435E81E07360EFBCA25DE3A0
                                                                                                                                                                                                                  Function 00007FF73E529A6C Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 312COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                                  • Opcode ID: f516600e8fbc88aa12e35443ceb3258208ae70d0e3635c842715d7a4cc6cae7c
                                                                                                                                                                                                                  • Instruction ID: 5b2d079d40bfa813e83e09c4b6b5189d9cb136b7bed884efa5fcc0d8102f851a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f516600e8fbc88aa12e35443ceb3258208ae70d0e3635c842715d7a4cc6cae7c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FD1E532E0874596EB60EF65D8603ADB7A0FB44798F800135EE8D97B95CF38E498D710
                                                                                                                                                                                                                  Function 00007FFE0050C0A0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 254COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _vfwprintf_l
                                                                                                                                                                                                                  • String ID: -----END PUBLIC KEY-----$ public key hash: sha256//%s$-----BEGIN PUBLIC KEY-----$;sha256//$sha256//
                                                                                                                                                                                                                  • API String ID: 1692953108-3135331655
                                                                                                                                                                                                                  • Opcode ID: a5a624a8bec2a46538964f260a00f6ee21948b7097ecf6c7ca442c2bb33f5067
                                                                                                                                                                                                                  • Instruction ID: 421b27531e4d1bb98a292874e89ebdf187fe01ca2a29c448742a91bbd08c28a6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5a624a8bec2a46538964f260a00f6ee21948b7097ecf6c7ca442c2bb33f5067
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59A17221A0D74681FE349B62A4642BD6A91AF4ABD5F884631DF4D077BEEF3CE645C300
                                                                                                                                                                                                                  Function 00007FF73E4C5EA0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 157COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Setgloballocalestd::locale::_
                                                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                  • API String ID: 801953252-1866435925
                                                                                                                                                                                                                  • Opcode ID: 639d12fc8ffd4ac84a0dbec03472174e01c6f7be05e079faedd803460fac30eb
                                                                                                                                                                                                                  • Instruction ID: 4a2745d58e6d2384d08f8556ab88607631311da8d031411b7a2f6976222ff472
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 639d12fc8ffd4ac84a0dbec03472174e01c6f7be05e079faedd803460fac30eb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40518332A08B46A6EB14EF15E8502A9B360FB48F94F984035EA8D47765DF3CE599D320
                                                                                                                                                                                                                  Function 00007FFE004D4880 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 142COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: SimpleString::operator=
                                                                                                                                                                                                                  • String ID: ;type=$;type=%c$?%s$ftp$http
                                                                                                                                                                                                                  • API String ID: 356670603-3547414
                                                                                                                                                                                                                  • Opcode ID: 02c0c933b35096f7ea2677a51ee52f4fb94c982c6babc2dd40a0052661875f1b
                                                                                                                                                                                                                  • Instruction ID: 4668d9596f0ce5270ed5188555351b09a7d4c59951f458150eca17aeab12f4c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02c0c933b35096f7ea2677a51ee52f4fb94c982c6babc2dd40a0052661875f1b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3351B331B0868346FB64DBA2A5546BA67D0AF85BC0F484436DF8D477BAEE3CE5418308
                                                                                                                                                                                                                  Function 00007FF73E546454 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF73E546EA0,?,?,?,?,00007FF73E53D6A5,?,?,?,?,00007FF73E500768), ref: 00007FF73E5465D0
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF73E546EA0,?,?,?,?,00007FF73E53D6A5,?,?,?,?,00007FF73E500768), ref: 00007FF73E5465DC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                  • Opcode ID: 5bf6e9d6ca9fd1ae9bf18b1eac5064f1589509e15abf7580bf06257b7c555392
                                                                                                                                                                                                                  • Instruction ID: 41aaddcc1bebd11c23dc91617ea401c3d2ed5fb931a701b876c189f40ab2ffd4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5bf6e9d6ca9fd1ae9bf18b1eac5064f1589509e15abf7580bf06257b7c555392
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D417B71B1A62661FB11EB169D206B5A391BF09BE0FD54135EC0E47798EF3CE40CAB20
                                                                                                                                                                                                                  Function 00007FF73E4D5440 Relevance: 12.2, APIs: 8, Instructions: 163COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Concurrency::cancel_current_taskLockit::_Lockit::~_$Facet_Register_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 918977288-0
                                                                                                                                                                                                                  • Opcode ID: b7499a81261394027e74804ae8e8da5af15f6afab98d148efdb172e984f5213e
                                                                                                                                                                                                                  • Instruction ID: 3051737425d0d15773b69f73c949bcb0de4f8678dbebf264f9ac9ec6501492b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7499a81261394027e74804ae8e8da5af15f6afab98d148efdb172e984f5213e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3351D823A09743E1EE55BB11E85027AA360EF49BA4FD90631FE6D077D6DE3CE4499320
                                                                                                                                                                                                                  Function 00007FF73E534254 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                  • Opcode ID: 9d58aca4c10ea455e4063651d96423c49357bffd45508ace328fa0631b3429cc
                                                                                                                                                                                                                  • Instruction ID: 39e5b27e6ed703457b69d3f1f3f3f08bf8a3d3f2c66d41a0150de2162e4ff1c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d58aca4c10ea455e4063651d96423c49357bffd45508ace328fa0631b3429cc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9412B572E0C14366FB24BE14D8343BAF6A2EB40756FD44135D69947AC4DF3EE498AB20
                                                                                                                                                                                                                  Function 00007FFE0051C26C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                  • Opcode ID: 4612a0387e1018488ce959ec7b7204abe382a1047c0883be4a9863abf5dce2aa
                                                                                                                                                                                                                  • Instruction ID: 8a964e190fb425b118f2864f0e01719fbbaef7d2b9a0ea69800f5ee5c2a78001
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4612a0387e1018488ce959ec7b7204abe382a1047c0883be4a9863abf5dce2aa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80127F72E4C14386FB349A59D0542F97A93FB80B50F945136E79A467ECDF7EE8808B04
                                                                                                                                                                                                                  Function 00007FFE005261D4 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 5640a527105fe59fcf6cd21e20d128eba3d9d2a48d5a959aaeb3d0cc76e301b8
                                                                                                                                                                                                                  • Instruction ID: 49e37ae951db4e3baa80291430299305ade630bc790dd485aa7f0d6bc6d670b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5640a527105fe59fcf6cd21e20d128eba3d9d2a48d5a959aaeb3d0cc76e301b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62C1D172A0CA8691EB759B9494802BE37A1FFA2B80F550131DB8E037B9DF7CE845C351
                                                                                                                                                                                                                  Function 00007FFE004D7740 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 186COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _vfwprintf_l
                                                                                                                                                                                                                  • String ID: %sAuthorization: NTLM %s$HTTP$NTLM$Proxy-
                                                                                                                                                                                                                  • API String ID: 1692953108-3948863929
                                                                                                                                                                                                                  • Opcode ID: 430d45d9ccbb632bdb7d5df8a009c9a03a3461fc9674faec2104f27e31cc1c62
                                                                                                                                                                                                                  • Instruction ID: ce1d3cd6f27d3c7dfbbf5cefd2fdb91f831e9ed1450072ecf81106379033b611
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 430d45d9ccbb632bdb7d5df8a009c9a03a3461fc9674faec2104f27e31cc1c62
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52814D3260CB8685EA20DF56E8547AE77A4FB84B84F400036EB8D47B69EF3CE655C744
                                                                                                                                                                                                                  Function 00007FFE004C76F0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 150networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WSAGetLastError.WS2_32 ref: 00007FFE004C78C0
                                                                                                                                                                                                                    • Part of subcall function 00007FFE004E6DB0: WSAGetLastError.WS2_32(?,00000000,?,?,000003E8,00000000,?,?,00007FFE004C6BB2), ref: 00007FFE004E6E9F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: *$FTP response aborted due to select/poll error: %d$FTP response timeout$QUOT string not accepted: %s$We got a 421 - timeout
                                                                                                                                                                                                                  • API String ID: 1452528299-64802194
                                                                                                                                                                                                                  • Opcode ID: c26d182aad25c6bb1c56e64fed6057f167bdcdd3b632541fd6b70c402cb4faf5
                                                                                                                                                                                                                  • Instruction ID: 15234150d5165cf13c40572ac4710f3f11fd4329fef25d0aa3ffc1a5f53c4dcd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c26d182aad25c6bb1c56e64fed6057f167bdcdd3b632541fd6b70c402cb4faf5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E51D451A0C68686FAF0AB269404BBA2690BF85B94F045131EF4D537EEDF3CE146CB18
                                                                                                                                                                                                                  Function 00007FFE004B6890 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 129networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastclosesocketgetpeername
                                                                                                                                                                                                                  • String ID: accepted_set(sock=%qd, remote=%s port=%d)$getpeername() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
                                                                                                                                                                                                                  • API String ID: 3555504163-3669066118
                                                                                                                                                                                                                  • Opcode ID: bba6c52c950219e14d07fff5ecb5f2e8a40c3e88abef05922b71e4f57fe7f4e9
                                                                                                                                                                                                                  • Instruction ID: 2f18f07dfcb8d3b9e0d7830a8d7519bafcdcaa406db4c0aacf55d1442f461311
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bba6c52c950219e14d07fff5ecb5f2e8a40c3e88abef05922b71e4f57fe7f4e9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B51AD72A18BC286EA60DB11E4443FA6361FB89B88F455132EF8D5776ADF7CE085C740
                                                                                                                                                                                                                  Function 00007FF73E52C39C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF73E52C64E,?,?,?,00007FF73E52C340,?,?,?,00007FF73E528E41), ref: 00007FF73E52C421
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF73E52C64E,?,?,?,00007FF73E52C340,?,?,?,00007FF73E528E41), ref: 00007FF73E52C42F
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF73E52C64E,?,?,?,00007FF73E52C340,?,?,?,00007FF73E528E41), ref: 00007FF73E52C459
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF73E52C64E,?,?,?,00007FF73E52C340,?,?,?,00007FF73E528E41), ref: 00007FF73E52C4C7
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF73E52C64E,?,?,?,00007FF73E52C340,?,?,?,00007FF73E528E41), ref: 00007FF73E52C4D3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                  • Opcode ID: 025ae6fcda4b68bdfcc1f9bfdfbe2f96767a3fa0578a20b3520513d70c6ce0dc
                                                                                                                                                                                                                  • Instruction ID: 42086c2fcf9276f91d1b7e981e0be00c35c39d72272e494e251a613adc958f73
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 025ae6fcda4b68bdfcc1f9bfdfbe2f96767a3fa0578a20b3520513d70c6ce0dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E310521B1A746B1EE11EB06AC20576A394BF48BA5F9A0535ED1D47791EF3CE048D360
                                                                                                                                                                                                                  Function 00007FFE00514188 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FFE00514347,?,?,?,00007FFE00512D7C,?,?,?,?,00007FFE005129DD), ref: 00007FFE0051420D
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FFE00514347,?,?,?,00007FFE00512D7C,?,?,?,?,00007FFE005129DD), ref: 00007FFE0051421B
                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FFE00514347,?,?,?,00007FFE00512D7C,?,?,?,?,00007FFE005129DD), ref: 00007FFE00514245
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FFE00514347,?,?,?,00007FFE00512D7C,?,?,?,?,00007FFE005129DD), ref: 00007FFE005142B3
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FFE00514347,?,?,?,00007FFE00512D7C,?,?,?,?,00007FFE005129DD), ref: 00007FFE005142BF
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                  • Opcode ID: e913d7668ea341b86073c86b602d13b59064771d3c10b4498954f96ba6533d83
                                                                                                                                                                                                                  • Instruction ID: 22947eb57dc9f3a960b1b2a99079a636ea365727ed6c5a69036a2946e56e95c3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e913d7668ea341b86073c86b602d13b59064771d3c10b4498954f96ba6533d83
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3131E525B1AA4695EE71DB56E4001B62395BF49BA0F591534EF6D073A8DF3CE0818700
                                                                                                                                                                                                                  Function 00007FF73E509A68 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 66COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF73E509B1C
                                                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF73E509ADB
                                                                                                                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FF73E509B3A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocstr
                                                                                                                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                  • API String ID: 2987148671-35662545
                                                                                                                                                                                                                  • Opcode ID: ebf97b3d2e1b8755cd32686afcd80476970d0009d3fb23322aa7a2b461faec78
                                                                                                                                                                                                                  • Instruction ID: bcd2193233f7f30714f3bd7a2c76870b6bb2fe83e4562b9a34610beb5313ae38
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ebf97b3d2e1b8755cd32686afcd80476970d0009d3fb23322aa7a2b461faec78
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F218026A04B8595EB10EF21D8612A9B3A1FB89F80F898131EF4D03746EF3CE549D351
                                                                                                                                                                                                                  Function 00007FF73E509B68 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 57COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF73E509BD2
                                                                                                                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FF73E509C1E
                                                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF73E509C0E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocwcsstd::_
                                                                                                                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                                                  • API String ID: 409834924-3743323925
                                                                                                                                                                                                                  • Opcode ID: 00c4bd819e6e6fae748fc4ba37bb7635a7cd5aa8c114ec171783f88ae866ff2e
                                                                                                                                                                                                                  • Instruction ID: 2ed375e2e6638a1dd6433614790ce4283b2c66544dcf926f7f2fdb62b4e0246b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00c4bd819e6e6fae748fc4ba37bb7635a7cd5aa8c114ec171783f88ae866ff2e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87216222A04B4196EA10FF25E9603ADB3A0EB95B80F884135EB4E43756EF7CE544D751
                                                                                                                                                                                                                  Function 00007FF73E5523F4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                  • Opcode ID: 86a351f490f4f721a77f758b8167ac5f5c8b66944e376008365e9fa7e8cac005
                                                                                                                                                                                                                  • Instruction ID: 141a2f84e6e1ad651d4cc45574425becf90e8e0bfb730fda733e19b66c09d5ce
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86a351f490f4f721a77f758b8167ac5f5c8b66944e376008365e9fa7e8cac005
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10119071B18B4192E350AB52EC64329B6A0FB88BE4F804234EE1E87BE4DF3CD5588750
                                                                                                                                                                                                                  Function 00007FF73E4F21E0 Relevance: 10.5, APIs: 7, Instructions: 45synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastObjectReleaseSemaphoreSingleWait$CriticalLeaveSection
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3916595786-0
                                                                                                                                                                                                                  • Opcode ID: caf24abae132212120100d8f96b46d5df2bebd2d888b006e945ee0c6541f1d81
                                                                                                                                                                                                                  • Instruction ID: 3b1769701e34e925da7c4ab57411f7000bc96529ffc84c3e8635bd2141a655f8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: caf24abae132212120100d8f96b46d5df2bebd2d888b006e945ee0c6541f1d81
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3116072A09602E7E750AF64E85437873A1FB48F58F964131D91A061E4CF7DE48E9A60
                                                                                                                                                                                                                  Function 00007FF73E4F2E40 Relevance: 10.5, APIs: 7, Instructions: 44synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorEventLastObjectSingleWait$ReleaseSemaphore
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3408593074-0
                                                                                                                                                                                                                  • Opcode ID: 901957256ab6b6dee93834dc4f7c37293ffe4e852b11331eea2c6da0fa80c294
                                                                                                                                                                                                                  • Instruction ID: 387650a8461bd80796244d451f94b4d891363e57ac5b8679cea3367ac0ef2cd4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 901957256ab6b6dee93834dc4f7c37293ffe4e852b11331eea2c6da0fa80c294
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D114631A1894392E750AF35D86027973A1EF88F54F914130E91E462D4DF3CD98ED714
                                                                                                                                                                                                                  Function 00007FF73E527868 Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2984826149-0
                                                                                                                                                                                                                  • Opcode ID: 39ee30d670700b51f768ecf3872e56eb10b05da7d351e44bb1524caf71956d12
                                                                                                                                                                                                                  • Instruction ID: 6d30479e9b8b325f983aa26eb529dedfdd30f01bf79a42e2eca67e51e14c8f4a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39ee30d670700b51f768ecf3872e56eb10b05da7d351e44bb1524caf71956d12
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EA1A432A0878666FB21EB24C8603B9A6A1EF447A4FC44531DE5D877C5EF3DE548A360
                                                                                                                                                                                                                  Function 00007FF73E507760 Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2829165498-0
                                                                                                                                                                                                                  • Opcode ID: b30b4f706873f2a0c090d7f094beb5a16e7e1ca47d67ecbdd4df494fe4f4f681
                                                                                                                                                                                                                  • Instruction ID: 9b01f91144e6934862cbdd75bd507f794508653b3a2337eb6d9896ce43ec0013
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b30b4f706873f2a0c090d7f094beb5a16e7e1ca47d67ecbdd4df494fe4f4f681
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A281B172A0874196EB20AF21D850379B3A5FF847A8F944631FA5D47BD8EF3CD8499320
                                                                                                                                                                                                                  Function 00007FF73E5352F4 Relevance: 9.2, APIs: 6, Instructions: 157COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 7a76c05213f4aabddf54bbba652960408281b758e2ef2284dc9a2370d7df0013
                                                                                                                                                                                                                  • Instruction ID: ec054a32fbed39c126a8847506b56364e5df77fd4a2bd98187f7aa1e0b33510b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a76c05213f4aabddf54bbba652960408281b758e2ef2284dc9a2370d7df0013
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8651743290D686A5EB67AF24D8703BCF7919F41B44FD89031D68C07386DE2E944DA321
                                                                                                                                                                                                                  Function 00007FF73E521D34 Relevance: 9.1, APIs: 6, Instructions: 109COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 3f40f1088296bda3a6e3eff7983263d02790bfd0a2939676260795152babbffb
                                                                                                                                                                                                                  • Instruction ID: 650b51bedb18950bfdea6b6c834f9028aa6f4e3d110ee7f50a175580f914d715
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f40f1088296bda3a6e3eff7983263d02790bfd0a2939676260795152babbffb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA41D722B19A06A2EB15BB15DD602B9E360FF44B90F880531EE5D477E5EF3CE459D320
                                                                                                                                                                                                                  Function 00007FF73E510518 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 26cb4ee57e0107330256d3a1f114543333a4759ddfc758b0b46ed161723da06b
                                                                                                                                                                                                                  • Instruction ID: 15ac07d80298969ad3da23c2b338e0e173d43895b554c350cab127c9232e77b1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26cb4ee57e0107330256d3a1f114543333a4759ddfc758b0b46ed161723da06b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B141B627A19A42A1FF05BB12DC6027DE360FF84B94F980531EE1C07695DE7CE859E320
                                                                                                                                                                                                                  Function 00007FF73E50420C Relevance: 9.1, APIs: 6, Instructions: 96COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: adfd1d804130aeac8e920c282e726cdec2ff3e0c323265c5f1a8d85f7efce55f
                                                                                                                                                                                                                  • Instruction ID: 2363abc5f856c1a49a2763bb851ceaa48ba47d2e2aaa9dd31443542cc9dec7c6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: adfd1d804130aeac8e920c282e726cdec2ff3e0c323265c5f1a8d85f7efce55f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0631C722A19A02A1FB15FB15DC701BCE360EF88B55F880531EE5D47695EF3CEC899321
                                                                                                                                                                                                                  Function 00007FF73E507418 Relevance: 9.1, APIs: 6, Instructions: 94threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 184115430-0
                                                                                                                                                                                                                  • Opcode ID: 4d2c2d5fb53194713c5e4a624c942537d864445bc72318f031388204bb3796c6
                                                                                                                                                                                                                  • Instruction ID: dc561bb579297aba1a765dade6afe569edc967d478fce11b3d6bedbd5bdcd507
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d2c2d5fb53194713c5e4a624c942537d864445bc72318f031388204bb3796c6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7413132A18602E7E764BF14E860279B760FB14B58FC04435E64E42694EF3CEC99E762
                                                                                                                                                                                                                  Function 00007FF73E503FDC Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: d73436e443f35fa69b4096c45127cd444a21143b90fd4439c0a820f84bd84b9e
                                                                                                                                                                                                                  • Instruction ID: 16634dda77e6f48096793d044bba66d5828388534eb8b73b755728f9c40f2c65
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d73436e443f35fa69b4096c45127cd444a21143b90fd4439c0a820f84bd84b9e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A931E522A09A02A1EB01FB15DC70179F320EB44BA5F880531FE5D1B695EE3CED4E9321
                                                                                                                                                                                                                  Function 00007FF73E5040F4 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 7c216345d89b75738eafb25371871a8b7719f716ecf09f00d72aa1dfad757063
                                                                                                                                                                                                                  • Instruction ID: fcebe621b7fff86cccaab051f3784b03efa7b44b817ab4a64e771046a3c6786c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c216345d89b75738eafb25371871a8b7719f716ecf09f00d72aa1dfad757063
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC31D626A19A4261FB05FF15DC601B8E320EB54BA1F880531FE5D07795EE3CE949D321
                                                                                                                                                                                                                  Function 00007FF73E5100B8 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: d79438a236ebfcc053374d141b9a790df67780579e45dbe86d9a985e9af870d9
                                                                                                                                                                                                                  • Instruction ID: 04b26fdadd0a8120aa3f6e26990a76ae459860cd9aea1615f47b45bdae08cb5a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d79438a236ebfcc053374d141b9a790df67780579e45dbe86d9a985e9af870d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC31B823A49A42A1FE16BB56DC606BCE350EB48BA4F880531ED4D477E5DE7CE84DD320
                                                                                                                                                                                                                  Function 00007FF73E50FD70 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 8cbbb3feb719f819df0d1f924d425f3cba4a96f8aaeb15dc9e8b26a4b1997649
                                                                                                                                                                                                                  • Instruction ID: 5c67d584d0c781ec150fa81d07a56d80eb9ddc8055e6927e1c4fbfa528a71e38
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cbbb3feb719f819df0d1f924d425f3cba4a96f8aaeb15dc9e8b26a4b1997649
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4331B622A09A42A1EA45BB15DC601B8F311FB44BA4F880531EE0D477D5EF7CE84AD331
                                                                                                                                                                                                                  Function 00007FF73E50FE88 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 9c295b99eb0506968bdf9f55109cae137a8fbc14b422fbf9c3974728f70df29a
                                                                                                                                                                                                                  • Instruction ID: e3d43cbb5a80d92b57626c1c51543e9e643b0d74ff4bcc34cc94cb0388d5f75f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c295b99eb0506968bdf9f55109cae137a8fbc14b422fbf9c3974728f70df29a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC31BB22A09A4261EA15BB15EC60178E351FB44B94F880531FE4D577D5EF7CE84ED331
                                                                                                                                                                                                                  Function 00007FF73E50FB40 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: f0d95507d12d527a09722ede97be3f42c9e99a045572bb24216891ac93b7c12d
                                                                                                                                                                                                                  • Instruction ID: 4706e761bcf7ec958538cf294b8a3bb95168ca70bc8b537820908f00cddb6894
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0d95507d12d527a09722ede97be3f42c9e99a045572bb24216891ac93b7c12d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF31A422A19A46A1EA16BB15DC70178E350EB44BA4F880531EE0D57295EE7CE84AE731
                                                                                                                                                                                                                  Function 00007FF73E50FC58 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 73bda04bfb44b7f72038297a23b4bc2f00d09046e1659d03bb9da4d36f51af04
                                                                                                                                                                                                                  • Instruction ID: 9ff81accbf9e86efefdad69a14dbb7dc8fb0ef9ae6794bdda1e285aa21d65ccb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73bda04bfb44b7f72038297a23b4bc2f00d09046e1659d03bb9da4d36f51af04
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD31B623A09A42A1EB56BB15EC60179E320FB44BA4F880531EE0C477E5EE7CE95DD331
                                                                                                                                                                                                                  Function 00007FF73E521C1C Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 77767a2d532024d0cf7b9dde66c49b8985b6ec8969746a5e33dec43b3df44995
                                                                                                                                                                                                                  • Instruction ID: cc8e22fa90809685507128e642e0505565d56f2c88163a13d9313a9ece25c4d9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77767a2d532024d0cf7b9dde66c49b8985b6ec8969746a5e33dec43b3df44995
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8631F926A09A06B1EB15BB15DD602B9E360FB44BA4F880531EE4D473D5EF3CE84ED320
                                                                                                                                                                                                                  Function 00007FF73E5219EC Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: e4e9ff31c0c8dc9d9d6a3854b26a91b546468e6d6a812ba86432ae5e3019916e
                                                                                                                                                                                                                  • Instruction ID: 92a833579dc8a87b30ab2af54fbb8ebc26b180f99a9844019f742c3819ff4359
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4e9ff31c0c8dc9d9d6a3854b26a91b546468e6d6a812ba86432ae5e3019916e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3631CA26A09A4661EB15BF15DD6027AE360EF44BA4F880532ED1D473D5DF3CE94ED320
                                                                                                                                                                                                                  Function 00007FF73E50FA28 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 5881ddc0df2831c2ae6106f7b408787c4747aafb1da1f109b04f33485c4246e4
                                                                                                                                                                                                                  • Instruction ID: 0017bcc37ba3ae7d9ffa28e6c146c3f846116ca80d11d8330647852dfc6d8ef1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5881ddc0df2831c2ae6106f7b408787c4747aafb1da1f109b04f33485c4246e4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1831A722A09A4261EA05BB15EC60179E351FB48BA4F880531FE0D57795EF7CE84AD331
                                                                                                                                                                                                                  Function 00007FF73E521B04 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 5db776f6323530e77bcbef5bd6935252a1cf9115d4344bb729426fd104810662
                                                                                                                                                                                                                  • Instruction ID: 75e21dc4a224c7642835ce0b4fdcadacff6b63249f08d66bda77caf918a0ab05
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5db776f6323530e77bcbef5bd6935252a1cf9115d4344bb729426fd104810662
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B31CA22A09A4660EA15BF15DD60279E370FB44BA4F880531EE4D477D5EF3CE94ED320
                                                                                                                                                                                                                  Function 00007FF73E50F7F8 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: d61a7d0a425145f796a641d915e85631c1738c9826a655d4ab8b58525fd00329
                                                                                                                                                                                                                  • Instruction ID: dec7bbe4040bd2ec69cf8dc7d9b507dcb493fbe5477a8e9e09343837da1d8913
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61a7d0a425145f796a641d915e85631c1738c9826a655d4ab8b58525fd00329
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D031A722A09642A5FB05FB25DC601B8E311EF44BA4F880531EE0D57795EF7CE84AE331
                                                                                                                                                                                                                  Function 00007FF73E5217BC Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 1f45d371911334c7b4e3af64f25bf93ed54f168f876d8c02eefef53d06bd79c7
                                                                                                                                                                                                                  • Instruction ID: 385ac17737f143f20d6d6a7f68f548bad735da86209ca6e04bdbb99d2c80fba6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f45d371911334c7b4e3af64f25bf93ed54f168f876d8c02eefef53d06bd79c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8131CC26A09A4660FA15BB55DD6027DE360FF44BA4F880531DE0D87795DF3CE54ED320
                                                                                                                                                                                                                  Function 00007FF73E50F910 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: bf23c5106bbf69cbbd51cacb9ffaf42f9dd14739289b372323c573fcf5a2984a
                                                                                                                                                                                                                  • Instruction ID: eac66977250dfb23cd0479edcb519081a8d4001b7c1fb514069956a7c0b76655
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf23c5106bbf69cbbd51cacb9ffaf42f9dd14739289b372323c573fcf5a2984a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85319622A09A4271EA15BB15EC60178E351EB44BA4F880931EE4D577D5EF7CEC4ED331
                                                                                                                                                                                                                  Function 00007FF73E5218D4 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 3d364c94fb2de322516c6cc64521543476b40a37d7298ded65a4365b8675e457
                                                                                                                                                                                                                  • Instruction ID: 6b776ce4afe1988435fbb782d1275bb7cd5b6e3f254612adabfbc6a68fbff546
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d364c94fb2de322516c6cc64521543476b40a37d7298ded65a4365b8675e457
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F431C822A09A4670FB15BB16DD602B9E360EF49BA0F880531EE4D873D5DE7CE84DD320
                                                                                                                                                                                                                  Function 00007FF73E5216A4 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 0135745c52e5869ae7490a31252d9a18e10bfb2eaabe09ea397b71d106e610d4
                                                                                                                                                                                                                  • Instruction ID: f48142428e23512e0e12551019a15ba4b52575f43f27596ce554c75ac56b7478
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0135745c52e5869ae7490a31252d9a18e10bfb2eaabe09ea397b71d106e610d4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E31CA26A09A4660EE15BB15DD60679E360EF84BA4F8C0531EE0D873D5EF7CE84DD320
                                                                                                                                                                                                                  Function 00007FF73E510400 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: a8818a5233597ac2a01963567ac9ffc3efb2efac7556ff6e09be84775f52a666
                                                                                                                                                                                                                  • Instruction ID: 76fab9ef829af0b96a512f366d2ec691f9c6e88af721e726ee93ed4486b60906
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8818a5233597ac2a01963567ac9ffc3efb2efac7556ff6e09be84775f52a666
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A231A823A09642A1EE55FB16DCA027CE350EB44BA4F880531EE4D47795DEBCE84DA320
                                                                                                                                                                                                                  Function 00007FF73E5101D0 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 3979325976cc02259334af68403372ec5e8ac9a7cde520f8b7390520a6cb91f5
                                                                                                                                                                                                                  • Instruction ID: ff5ce30efd5c17c809ce845dd7ee8078334dbb492759d60f03714f6e0e276668
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3979325976cc02259334af68403372ec5e8ac9a7cde520f8b7390520a6cb91f5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D31C522A09A46A1EE06BB56DC606BCE351FB44BA4F880532EE1C476D5DF7CE84DD321
                                                                                                                                                                                                                  Function 00007FF73E5102E8 Relevance: 9.1, APIs: 6, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: fbd055dc525e7fa2f92b6d645c458c6f8a9dd45e8c7b04cc32e5839457880ce1
                                                                                                                                                                                                                  • Instruction ID: 7cfe24c103b7e95c1758bc6cb8d9ae75fb86c7701bc29c09a5188d705119794d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbd055dc525e7fa2f92b6d645c458c6f8a9dd45e8c7b04cc32e5839457880ce1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3531B826A09646A6EE06BB16DC6027CE311FB44BA4F880531EE4D476A5DF7CE84ED320
                                                                                                                                                                                                                  Function 00007FF73E52158C Relevance: 9.1, APIs: 6, Instructions: 81COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                  • Opcode ID: 70af634fe4e312aeb951d04fa89894e3b05524ed112e3a2e8f210a9775e8d836
                                                                                                                                                                                                                  • Instruction ID: b2761db4463dba5838310f69367af0491219dc02c46ee8d58aee5a18de10a83b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70af634fe4e312aeb951d04fa89894e3b05524ed112e3a2e8f210a9775e8d836
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B631B622A09A4661EE15BB15DD602BDE360FB48BA4F8C0531EA5D87795EF3CF44ED320
                                                                                                                                                                                                                  Function 00007FF73E4CC8F0 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Item$DialogText
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1417051379-0
                                                                                                                                                                                                                  • Opcode ID: b77b97232568dd9de4074eb4e9b4b5eaeda26c8557df9e72656b2081c6bc7eda
                                                                                                                                                                                                                  • Instruction ID: 21410f46e85a29b148e3204ab23455c5f582c973fb0d038130658219966191d3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b77b97232568dd9de4074eb4e9b4b5eaeda26c8557df9e72656b2081c6bc7eda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A319371A18682E1F720AB11EC542B9A361FB49B84F805231E94E13AE4CE7DE289D720
                                                                                                                                                                                                                  Function 00007FF73E529F3C Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                  • API String ID: 3523768491-393685449
                                                                                                                                                                                                                  • Opcode ID: 922938cd76d0796beea97d606a0c47ed73e98d45d7264ae211b331a702c1f652
                                                                                                                                                                                                                  • Instruction ID: 9613fdb6751a799bb71dcd4d7527ce0684cc597f13519ba528c911ec9f3c5aa3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 922938cd76d0796beea97d606a0c47ed73e98d45d7264ae211b331a702c1f652
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BE1D23390878A9AE710EF64D8A03ADB7A0FB44758F954135EA8C97796CF38E489D710
                                                                                                                                                                                                                  Function 00007FF73E541DF0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E541DFF
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E541E35
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E541E62
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E541E73
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E541E84
                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF73E53E2B1,?,?,?,?,00007FF73E5434D8), ref: 00007FF73E541E9F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                  • Opcode ID: d3641033ac8130d434de9c7b5b115b1788dfb9a4f12b3364d948b4a546236a9e
                                                                                                                                                                                                                  • Instruction ID: d4f2b63607a038d7e62f3c86595e258857821bf27971bd224a9a1da3c27e1afa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3641033ac8130d434de9c7b5b115b1788dfb9a4f12b3364d948b4a546236a9e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26118E24F0D26661FA1477225E71179E3825F447B0FE44634ED3E077D6DE2CA4596B30
                                                                                                                                                                                                                  Function 00007FFE004FC730 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 293networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Ioctlsetsockopt
                                                                                                                                                                                                                  • String ID: $Failed to alloc scratch buffer$We are completely uploaded and fine
                                                                                                                                                                                                                  • API String ID: 1903391676-2090592439
                                                                                                                                                                                                                  • Opcode ID: 606607329989b586cbee1c0fc5b247163e526c502714067f18923e96286ff9be
                                                                                                                                                                                                                  • Instruction ID: 3aa752aec4a5f82e8e572a42c3526edcc0a5bbd5ed88b8b732b878926de3c702
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 606607329989b586cbee1c0fc5b247163e526c502714067f18923e96286ff9be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39D19F72A09BCA85EB618F25D6847F923A0EB45B89F084135CF8D177ADDF78E485C314
                                                                                                                                                                                                                  Function 00007FF73E4C4AC0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 223COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID: %s="%s"$%s='%s'
                                                                                                                                                                                                                  • API String ID: 3668304517-2662834028
                                                                                                                                                                                                                  • Opcode ID: 44a365c06dfd9a5fd3c7f6bc4991447016c208fce06f71513633cdafc0e91b72
                                                                                                                                                                                                                  • Instruction ID: 73dad0444c625a70c2a2d64063374b429668855fc8b293a93abb6ff7a90da4c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44a365c06dfd9a5fd3c7f6bc4991447016c208fce06f71513633cdafc0e91b72
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9691F862F04A8275FB00EB25D5103BC6361EB49BA8F855331FA6D17AD6DF28E4D99310
                                                                                                                                                                                                                  Function 00007FF73E5150B8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocstr$Getvals
                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                  • API String ID: 3025811523-2658103896
                                                                                                                                                                                                                  • Opcode ID: 85600f4aa5d1e03f3925ac2c5545af21d6cd319d21c3769c95aacaffdaf9a8f0
                                                                                                                                                                                                                  • Instruction ID: e43cf7faee05a4f90075a1b7a8468d4753e997292a459a2e035505a54009bcdd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85600f4aa5d1e03f3925ac2c5545af21d6cd319d21c3769c95aacaffdaf9a8f0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7418D22B08A81A9F710DF74D8501EC73B1FB88748B805226EE4D27A59EF38D69AD350
                                                                                                                                                                                                                  Function 00007FFE005246E4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                  • Opcode ID: 065da74b79ac18ec194c8520db863d5e34aeca65b7e661bac71389500fbb7caf
                                                                                                                                                                                                                  • Instruction ID: 2c18a56c7158d85fa2e6b8f0d75f4efeadf5602757f1b52f831a75392d96cf85
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 065da74b79ac18ec194c8520db863d5e34aeca65b7e661bac71389500fbb7caf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5F0C261A18A0A85EA308B64E4543792320EF8A760F540235DB6E467F8CF2CD049C700
                                                                                                                                                                                                                  Function 00007FF73E52933C Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                                  • Opcode ID: c81e2222573a11e63afa75858343614966bcc5c973740bdba2d92e06477d9a6e
                                                                                                                                                                                                                  • Instruction ID: d2c980a291bf992293dbf4580ee05fd7390e30fb0b7d46d57471b88e8bad4a45
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c81e2222573a11e63afa75858343614966bcc5c973740bdba2d92e06477d9a6e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78B1D621F0E68AA1EE65BF159DA0279E390FF44B80F898435DE4D87785DF3CE449A360
                                                                                                                                                                                                                  Function 00007FF73E4DAE40 Relevance: 7.8, APIs: 5, Instructions: 286COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3936042273-0
                                                                                                                                                                                                                  • Opcode ID: ee194d70920fe667e5458926bfd80c13cb83cda9107fa9f362f06e9e53bfe4b2
                                                                                                                                                                                                                  • Instruction ID: 058a1786992d0b02eb4578763c797c12d8cc081e782f1685bf2c73f9f6b3e4f4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee194d70920fe667e5458926bfd80c13cb83cda9107fa9f362f06e9e53bfe4b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92C1D363F14B46A6FB50EB68D0043AD6375EB48B98F814621EE5D23B9ADF38E049D350
                                                                                                                                                                                                                  Function 00007FF73E4DAA60 Relevance: 7.8, APIs: 5, Instructions: 270COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3936042273-0
                                                                                                                                                                                                                  • Opcode ID: f766c7d28f727ce59d75b2f05678bca612750c1a35e6eb4eb5f33f4522742262
                                                                                                                                                                                                                  • Instruction ID: ae7cedabcad15a362520cc99762d4f21adec32824e359bc30f8aa64df77dbcda
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f766c7d28f727ce59d75b2f05678bca612750c1a35e6eb4eb5f33f4522742262
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37B1FA63F08B466AFF40EB68D0443AD6362EB49798F864231EE5D177DADE38D449E310
                                                                                                                                                                                                                  Function 00007FF73E54D580 Relevance: 7.7, APIs: 5, Instructions: 196COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                  • Opcode ID: 2cc1c9a9a2fb17dc39535320ca06befbc7cf45e6b9bba420271fe41f4c6d400f
                                                                                                                                                                                                                  • Instruction ID: ddb0cf0a6f49ae689f8cb9c0d1fd4a7edc33cfc1c6d0c578bd131fad03c61f9b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cc1c9a9a2fb17dc39535320ca06befbc7cf45e6b9bba420271fe41f4c6d400f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26813812908A66E5F332BB34AC6037AE790AF85354FA54331ED4E165D4DF3CE589AF20
                                                                                                                                                                                                                  Function 00007FF73E53A4E0 Relevance: 7.6, APIs: 5, Instructions: 60threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2067211477-0
                                                                                                                                                                                                                  • Opcode ID: 2cf5cc0a9476034b5790c0a79ea15ad9b43256b54329d95fa5ecce7b6cbed884
                                                                                                                                                                                                                  • Instruction ID: 92c38cc5c13e5a4e8ad246e99279f31fd8516cdad1489702d2f5439b5c99e581
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cf5cc0a9476034b5790c0a79ea15ad9b43256b54329d95fa5ecce7b6cbed884
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22218375B09742A5EE15FF55AC20279F3A0AF88B90F844531EE4D43796DE3DE4489720
                                                                                                                                                                                                                  Function 00007FF73E552958 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                  • Opcode ID: 26929c126217da8a9a3bad1213e1c4bd12bd8c5b792991e1a07419b7ed80fcd6
                                                                                                                                                                                                                  • Instruction ID: 1549778bd211cd43114210fa6d7fca2a6c231e5a271eca5600011801e175cc25
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26929c126217da8a9a3bad1213e1c4bd12bd8c5b792991e1a07419b7ed80fcd6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0211C4ABE0CA03A1F7543164DC7237591706F55370F994A34F9AF0A7D68E1C68C9A320
                                                                                                                                                                                                                  Function 00007FF73E541EB8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF73E53837B,?,?,00000000,00007FF73E538616,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E541ED7
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53837B,?,?,00000000,00007FF73E538616,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E541EF6
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53837B,?,?,00000000,00007FF73E538616,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E541F1E
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53837B,?,?,00000000,00007FF73E538616,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E541F2F
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF73E53837B,?,?,00000000,00007FF73E538616,?,?,?,?,?,00007FF73E5385A2), ref: 00007FF73E541F40
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                  • Opcode ID: d22d70aa03d52b140f07d7b46bb194252fcc10cd6711327c1dcf5974661e8ad5
                                                                                                                                                                                                                  • Instruction ID: 2b8d72668166cc7762ed491df778699e1c12ab0d25412eb184b9599f3de68eaa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d22d70aa03d52b140f07d7b46bb194252fcc10cd6711327c1dcf5974661e8ad5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12119D25E0926621FA58B7265E71279E2859F407B0FE44234EC3D067D6DF2CF40A6B30
                                                                                                                                                                                                                  Function 00007FFE004F5514 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_UNKNOWN
                                                                                                                                                                                                                  • API String ID: 1452528299-1381340633
                                                                                                                                                                                                                  • Opcode ID: dcecbd8500d4273cffb9a1fb8cee0b41c32ad1cd74390ac55fa08658af60965e
                                                                                                                                                                                                                  • Instruction ID: d6ed88665c38e3bf1436ab2bd6abfda0caf7e6c94a510ff87a1db39e5886f5e5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dcecbd8500d4273cffb9a1fb8cee0b41c32ad1cd74390ac55fa08658af60965e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9211A176A1CA4285F631AF50E4002F96261FF84751F800032EB8E127BEDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F5508 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_EXPIRED
                                                                                                                                                                                                                  • API String ID: 1452528299-3862749013
                                                                                                                                                                                                                  • Opcode ID: f3c02919c122b5b529e7f1216f769e2f463639de6d8e360f200e5845b32de889
                                                                                                                                                                                                                  • Instruction ID: 20f22f12180e322a73acad45b7f3a01990dcb04de78a19cccf4e2e3e71330257
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3c02919c122b5b529e7f1216f769e2f463639de6d8e360f200e5845b32de889
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D911A176A0CA4295F671AF50E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F5538 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CROSSREALM_DELEGATION_FAILURE
                                                                                                                                                                                                                  • API String ID: 1452528299-4241613852
                                                                                                                                                                                                                  • Opcode ID: 6f6b0771ae99e1dc7c25d6091ac93239df8f0782c8cfa1d9d024b85c9aa9b0df
                                                                                                                                                                                                                  • Instruction ID: f4db45894e1e1a9050c01f43bb36d8ede2ed2c2e386645c88309944ca93ef099
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f6b0771ae99e1dc7c25d6091ac93239df8f0782c8cfa1d9d024b85c9aa9b0df
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F11A176A1CA4285F675AF50E4002F96261FF88751F800032EB8E127BDDF3CE548CB54
                                                                                                                                                                                                                  Function 00007FFE004F552C Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CONTEXT_EXPIRED
                                                                                                                                                                                                                  • API String ID: 1452528299-1320710087
                                                                                                                                                                                                                  • Opcode ID: 51c24b4b35f4b9ab694ab6f67c395084a462801ac7656bddf316e00cb8541d26
                                                                                                                                                                                                                  • Instruction ID: 9fcde4c6f96e5f8e6a5711166f2a05b006fc0d41903a5ece5cabdc2e80178248
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51c24b4b35f4b9ab694ab6f67c395084a462801ac7656bddf316e00cb8541d26
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C118E76A0CA4285F631AF50A4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F5520 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_WRONG_USAGE
                                                                                                                                                                                                                  • API String ID: 1452528299-580453001
                                                                                                                                                                                                                  • Opcode ID: f5391450d0df1b01036353834f2f695677b59500791bc08a720ac7200a9e2e84
                                                                                                                                                                                                                  • Instruction ID: b3f3365e8c3b16f9ad1c22f56995fc45c822441078f9e46464a5b8fd2fa2687c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5391450d0df1b01036353834f2f695677b59500791bc08a720ac7200a9e2e84
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E11A176A0CA4295F671AF50E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F54D5 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_BAD_BINDINGS
                                                                                                                                                                                                                  • API String ID: 1452528299-2710416593
                                                                                                                                                                                                                  • Opcode ID: b9c3bbe74e30933e03e8128827ce6d427a5e598b24ff2046ad4a2f05e9352f37
                                                                                                                                                                                                                  • Instruction ID: e4c76651b0c6a88a55b01636bbc5c19c496bd4380c45f72f4405dd63aa9f323b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9c3bbe74e30933e03e8128827ce6d427a5e598b24ff2046ad4a2f05e9352f37
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F118E76A0CA4295F671AF50A4002F96261FF88751F800036EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F54FC Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CANNOT_PACK
                                                                                                                                                                                                                  • API String ID: 1452528299-1502336670
                                                                                                                                                                                                                  • Opcode ID: 3963d3f7ff8661d2de2d028cb9aa9e6acd2dfb9f4636310f27d3e45922e56775
                                                                                                                                                                                                                  • Instruction ID: d29440560aca4ceb681f33986c9b5dcead333067849f4158fd119baf96c38891
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3963d3f7ff8661d2de2d028cb9aa9e6acd2dfb9f4636310f27d3e45922e56775
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8411A176A0CA4295F631AF50E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F54F0 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CANNOT_INSTALL
                                                                                                                                                                                                                  • API String ID: 1452528299-2628789574
                                                                                                                                                                                                                  • Opcode ID: 5564ea0cc6db584bda4782c51b05677b698b434bd0e34f07e79549116ae0c9a7
                                                                                                                                                                                                                  • Instruction ID: d95213aab2b3cc2066a7b8ee7dacebea9e741f0aef7bc6547c757bb5dd52a72e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5564ea0cc6db584bda4782c51b05677b698b434bd0e34f07e79549116ae0c9a7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5311A176A0CA4295F671AF50E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F54E7 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_BUFFER_TOO_SMALL
                                                                                                                                                                                                                  • API String ID: 1452528299-1965992168
                                                                                                                                                                                                                  • Opcode ID: ab3394231f98bb3bd332bb3a2e9ff81e4ced6c2d1daf5dd1c0b6887af2cd38c0
                                                                                                                                                                                                                  • Instruction ID: 5f927ef489cbcdefbf3e4a5d3d35c957e2d60e7abb5d26ab317d2b91500529ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab3394231f98bb3bd332bb3a2e9ff81e4ced6c2d1daf5dd1c0b6887af2cd38c0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3411A176A0CA4685F631AF60E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F54DE Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_BAD_PKGID
                                                                                                                                                                                                                  • API String ID: 1452528299-1052566392
                                                                                                                                                                                                                  • Opcode ID: 3f10ed9142ced35825eed65b58050215b1ee718e70b40e69de44dd28a5cacce0
                                                                                                                                                                                                                  • Instruction ID: 44e528d66053e6aa9251408363cb7f3b9338d322a66abbbfbf19647f0c5a99a3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f10ed9142ced35825eed65b58050215b1ee718e70b40e69de44dd28a5cacce0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D711A176A0CA4285F631AF50E4002F96261FF84751F804032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F555C Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_DELEGATION_POLICY
                                                                                                                                                                                                                  • API String ID: 1452528299-2634068886
                                                                                                                                                                                                                  • Opcode ID: 6f22b02ef76b0ddd8b31ff50e14b11ad89f11915da37bea2f70851774ba6f5fc
                                                                                                                                                                                                                  • Instruction ID: f543f53e0ffeaf304282bb8c7d6457c2e57bcfe0050ff038c051e190fa766b6e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f22b02ef76b0ddd8b31ff50e14b11ad89f11915da37bea2f70851774ba6f5fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD11A176A0CA4285F671AF50E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F5550 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_DECRYPT_FAILURE
                                                                                                                                                                                                                  • API String ID: 1452528299-544245674
                                                                                                                                                                                                                  • Opcode ID: 08ec40f485224e297f7ba69cd1eca635aa05c1cd5035102b5d27a8ca713ab6e9
                                                                                                                                                                                                                  • Instruction ID: c4577328a06602a6b036de6d5ff4b798254783a8a8d497fee3d51db71f3fe45f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08ec40f485224e297f7ba69cd1eca635aa05c1cd5035102b5d27a8ca713ab6e9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3911A176A0CA4285F631AF50E4002F96261FF84751F804032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F5544 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_CRYPTO_SYSTEM_INVALID
                                                                                                                                                                                                                  • API String ID: 1452528299-4258808491
                                                                                                                                                                                                                  • Opcode ID: 7ca539b6cb0b1527e0e8bcb23e1d73a2571d24fbc48b0f3d75b80929ae7a41c4
                                                                                                                                                                                                                  • Instruction ID: d6c87f6f55101da9fe48b72ca0e29026d4adcf0f3da5c899571283bd168a55fb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ca539b6cb0b1527e0e8bcb23e1d73a2571d24fbc48b0f3d75b80929ae7a41c4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0811A176A0CA4285F635AF50E4002F96261FF84751F800032EB8E127BDDF3CE548C754
                                                                                                                                                                                                                  Function 00007FFE004F5568 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_DELEGATION_REQUIRED
                                                                                                                                                                                                                  • API String ID: 1452528299-1475363564
                                                                                                                                                                                                                  • Opcode ID: 8731618397bc589847164594b005e430d260398331f7f95e92685f3949c450a7
                                                                                                                                                                                                                  • Instruction ID: b1aa2b42f4f406939aedfee53f203ee44688161388e3b748625afb8f4b6106ce
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8731618397bc589847164594b005e430d260398331f7f95e92685f3949c450a7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC118E76A0CA4285F631AF50A4002F96261FF84751F800032EB8E127BDDF3CE548CB54
                                                                                                                                                                                                                  Function 00007FFE004F546D Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 41COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                  • String ID: %s (0x%08X)$%s - %s$SEC_E_ALGORITHM_MISMATCH
                                                                                                                                                                                                                  • API String ID: 1452528299-618797061
                                                                                                                                                                                                                  • Opcode ID: a175e44a895d672cc33fe90e28e2101ad80454447340cfd95bc674a7dd305569
                                                                                                                                                                                                                  • Instruction ID: d99508e4132510ab4575319e1479a4c84fb3cd7fa71860f9005e86aa24f4b4ab
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a175e44a895d672cc33fe90e28e2101ad80454447340cfd95bc674a7dd305569
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3016176A1CA4695E671AF50E4102F96261FF88751F804036EB4E127BDDF3CD548C754
                                                                                                                                                                                                                  Function 00007FFE005027B5 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 281COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: SimpleString::operator=
                                                                                                                                                                                                                  • String ID: %$/
                                                                                                                                                                                                                  • API String ID: 356670603-2617147878
                                                                                                                                                                                                                  • Opcode ID: d5931c71878d0fb7ecdb478ec031e78c63afda1b58ca312242e1c7bffdad8922
                                                                                                                                                                                                                  • Instruction ID: f91e29623f7be8bfcafa0b7f3d7a6e750c0b5353b02ab792fec47f9aafff202b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5931c71878d0fb7ecdb478ec031e78c63afda1b58ca312242e1c7bffdad8922
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8C1D262F0C68645FBB18AA0C5583FD37A1AF05748F844032DB4E527EEEE6CEA45C314
                                                                                                                                                                                                                  Function 00007FF73E51F22C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 244COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 0-2626897407
                                                                                                                                                                                                                  • Opcode ID: d901a55cc4bab24007edbab56a33f3f98f378ad536fd15c2d89f3491311b791b
                                                                                                                                                                                                                  • Instruction ID: 73d3acd1cf940be8419381ac253c51d6d5d40de2c3849fc394ee5067f39818eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d901a55cc4bab24007edbab56a33f3f98f378ad536fd15c2d89f3491311b791b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4A1E262B08B85A5EB109B65E8503EDB371FB98B98F844131DE4C67B99DF3CD149D320
                                                                                                                                                                                                                  Function 00007FF73E543068 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                  • Opcode ID: e229a346d08f45070dd053e3398f1e2ec2d122bc36c57eb759740608c663395f
                                                                                                                                                                                                                  • Instruction ID: 28c6584ce53a368cf90822a9fc0424dbf210fb9818d5cf268a90303eef0f9c57
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e229a346d08f45070dd053e3398f1e2ec2d122bc36c57eb759740608c663395f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC81C576D0C272A5F6657E298930278B6A0AB31B44FF58034CA0D572A5CF2DF909BF21
                                                                                                                                                                                                                  Function 00007FFE00525844 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                  • Opcode ID: 74033e9cd47d3215882205b9e347dd1283af2cc75368dae4a57effb0991c671c
                                                                                                                                                                                                                  • Instruction ID: d0c87896db2cbb44f38e4b833fa1b2c591c333ce5804e5b3a5be7615636c6cea
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74033e9cd47d3215882205b9e347dd1283af2cc75368dae4a57effb0991c671c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1281B032D0CA42C9F7754AA882913792BA19F33768F695135DB0E463FDEB3DA881D701
                                                                                                                                                                                                                  Function 00007FF73E52A6B0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                  • Opcode ID: 59276c69d7cb143a7a96286abbbb8ad65d43dd719943bd842369391ce4d6cae6
                                                                                                                                                                                                                  • Instruction ID: 7e1acded1486139db07355c3e06c855cf2ae097ab59fe84048091b9ee04a2114
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59276c69d7cb143a7a96286abbbb8ad65d43dd719943bd842369391ce4d6cae6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5391F373A08B899AE710EB65E8902ACB7B0FB44788F54413AEF8C57755DF38D199D700
                                                                                                                                                                                                                  Function 00007FF73E4D3F70 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 159COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                  • API String ID: 0-1866435925
                                                                                                                                                                                                                  • Opcode ID: a19fbf35b7783d0f436272c96a50822b117d926df6d5cc02ca1ecbfd71afb58e
                                                                                                                                                                                                                  • Instruction ID: 302554683d34cef207e6b8c859f18ffe7c40abb6726e3ad13014ef0a5101ccdf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a19fbf35b7783d0f436272c96a50822b117d926df6d5cc02ca1ecbfd71afb58e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C51B323609A46A1EF54EF15E4403BAA3A0EB88F84FA58435EE4D07766DF3DD84AD310
                                                                                                                                                                                                                  Function 00007FFE00512718 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                  • Opcode ID: 64d72c10dcef0b31eba07ae2e6e8716fa88d445eb3cdf0356ca4028fe95d120d
                                                                                                                                                                                                                  • Instruction ID: 845160e3793d9a64e68f2cc883bd98671b5cb88d9a641851badc135e3a6ac5d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64d72c10dcef0b31eba07ae2e6e8716fa88d445eb3cdf0356ca4028fe95d120d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96519E32B196429AEB24CF15E444AB93392EB44B98F108135EB5E437ACDF7CE861C700
                                                                                                                                                                                                                  Function 00007FF73E52A440 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                  • Opcode ID: af187ac7702bbe61b89f476b50c531eabcf43557dc80e44ce432e44613b754e7
                                                                                                                                                                                                                  • Instruction ID: f0908f90b167c72457316149104a63da9d71244e0683830c98164743a0fbbf5e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: af187ac7702bbe61b89f476b50c531eabcf43557dc80e44ce432e44613b754e7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9561B432908BC995D7209F15E8507AAF7A0FB84B84F444225EB9C47B96DF3CE198CB10
                                                                                                                                                                                                                  Function 00007FF73E52AC30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                  • Opcode ID: b4bf096430e14b10292ebe06d7f1bbdcc289425adacc7a8d38bf797533556420
                                                                                                                                                                                                                  • Instruction ID: cb136eefe09faeff29234038bb7af9e1a92cabfcdc06fc8987adab8d02db8ad6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4bf096430e14b10292ebe06d7f1bbdcc289425adacc7a8d38bf797533556420
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE51B33290828A97EB64AF219864378F7A0FB44B84F944135DB9D97BC6CF3CE459D710
                                                                                                                                                                                                                  Function 00007FFE005153B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                  • Opcode ID: 1e170ee299bc09ee18c69808025b70c1c4debf71e50133ac41dfcc8622020b51
                                                                                                                                                                                                                  • Instruction ID: 739da78fef1d8bdf0ef4c005a8f82cd610e8057c7b93e0916f45f9cad38f8fd4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e170ee299bc09ee18c69808025b70c1c4debf71e50133ac41dfcc8622020b51
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88517F32908B82CAEB748F1694442A877A3FB94B95F154135DB8D47BE9DF7CE490CB01
                                                                                                                                                                                                                  Function 00007FF73E4D5F50 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                                                                                                                  • Opcode ID: 5e44c421ca2780774a47327fcbf5ab5fbd74483f4036cf8e6d20f67bc5247f4c
                                                                                                                                                                                                                  • Instruction ID: c382d1f8e8542da81e3eb29b7ff38b74405e2d43695a7110eb15a9b796e1c0fe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e44c421ca2780774a47327fcbf5ab5fbd74483f4036cf8e6d20f67bc5247f4c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD414E33B06646E9FB51EF70D8A03EDA374EF44708F884434EE4D26A56DE38D519A364
                                                                                                                                                                                                                  Function 00007FF73E514F70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 96COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocwcsstd::_$Getvals
                                                                                                                                                                                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                                                  • API String ID: 1848906033-3573081731
                                                                                                                                                                                                                  • Opcode ID: 63d85050544a732c11a5a9d66b7eb406369dc1d1d10ab352b954bafac8f6a345
                                                                                                                                                                                                                  • Instruction ID: 6b61070fe9ef56149885826560ba5af82984388cfbc140377a5f9c674549e88f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63d85050544a732c11a5a9d66b7eb406369dc1d1d10ab352b954bafac8f6a345
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C41B172A08B81ABEB24DF25C5A036DBBA0FB44B81F454239D74943B41DF38F569DB40
                                                                                                                                                                                                                  Function 00007FF73E515244 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Maklocstr
                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                  • API String ID: 2987148671-2658103896
                                                                                                                                                                                                                  • Opcode ID: 220a4f2f3175942f53bb01fa2988b308f6ffc142f00bb36a1f603ffd8ccd9510
                                                                                                                                                                                                                  • Instruction ID: cc9c4b2fd6fb4344f37196b8e8ae683fb63672bfe1f65eb4d91e384a25fed5ca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 220a4f2f3175942f53bb01fa2988b308f6ffc142f00bb36a1f603ffd8ccd9510
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2414D23B18B45A9E710EF70E4501ED73B0FB48748B805126EE4D27B59EF38D699D364
                                                                                                                                                                                                                  Function 00007FFE004C6890 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 76networkCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorLastacceptgetpeernamegetsocknameioctlsocket
                                                                                                                                                                                                                  • String ID: Connection accepted from server$Error accept()ing server connect
                                                                                                                                                                                                                  • API String ID: 121512582-1795061160
                                                                                                                                                                                                                  • Opcode ID: b154797d60ad53e5a82b460c4cef5a6d38fe8b4f2717607dd2f6a69546198bc6
                                                                                                                                                                                                                  • Instruction ID: 7bc183f5c024c5b384e179ba519dd0c2d96853c3880c20a570f89a2c9e68f57d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b154797d60ad53e5a82b460c4cef5a6d38fe8b4f2717607dd2f6a69546198bc6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E318F7160CA8181EAB0DB25E4447AA63A1FB88BE4F404231DFAD477EDCF7CE1458B40
                                                                                                                                                                                                                  Function 00007FFE004D21B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: SimpleString::operator=
                                                                                                                                                                                                                  • String ID: Malformatted trailing header, skipping trailer
                                                                                                                                                                                                                  • API String ID: 356670603-3909195150
                                                                                                                                                                                                                  • Opcode ID: f053d966fcba9d13b839cef720b2f0db95cf986579f41a8872c5035736bc26af
                                                                                                                                                                                                                  • Instruction ID: 393f2e33562cbfbc763c51882cfba5a2836df48e97d3ef5923474d42ccf9fee9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f053d966fcba9d13b839cef720b2f0db95cf986579f41a8872c5035736bc26af
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE11A326F0CA4284FF90DB12E6402796750AF55BC4F488432EF8D07BBEDE6CD4428305
                                                                                                                                                                                                                  Function 00007FF73E545570 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                  • Opcode ID: 1572732ba0503c4a2b848dc0f778c240f0b4fc5337685c6e306637ba54125ace
                                                                                                                                                                                                                  • Instruction ID: 5be280cef1a54594f642f42c16ad0ff55ea2f334c3fea7f3f8d2d438ddb1e838
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1572732ba0503c4a2b848dc0f778c240f0b4fc5337685c6e306637ba54125ace
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9D13632B08A919AEB10DF65D8502ACB7B1FB447D8BA44236CE5D57B89DE38D10AD710
                                                                                                                                                                                                                  Function 00007FFE00526624 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                  • Opcode ID: ce58eb68231165fc076393b35c57a3b6d6e13b601c8e30ee39f451a8100f6e73
                                                                                                                                                                                                                  • Instruction ID: 75213aa61408c346576ff7e4764b482873e7279cd51aef5e6aec560063531802
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce58eb68231165fc076393b35c57a3b6d6e13b601c8e30ee39f451a8100f6e73
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90D1C132B18A8589E721CFB5D4502AC37B2FB55B98B548236CF5DA7BA9DF38D506C300
                                                                                                                                                                                                                  Function 00007FF73E50E58C Relevance: 6.3, APIs: 4, Instructions: 289COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 588606609-0
                                                                                                                                                                                                                  • Opcode ID: 2da31800917aae0ae03103cab9ca2c1f1ac0bcdc3a3d7ccf206749c1aec1e906
                                                                                                                                                                                                                  • Instruction ID: c4cdf0347f85b52b39a10d8846e4c08e915de419c60d87f1dea0e4059994100b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2da31800917aae0ae03103cab9ca2c1f1ac0bcdc3a3d7ccf206749c1aec1e906
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37B1F4A2B05A4561EE14EB15E9102BDA351EB04BE0FD44731EA7D03BE5EF3CE85AD311
                                                                                                                                                                                                                  Function 00007FFE0052A918 Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                                                  • Opcode ID: cf8b651f3a944a260b85e0f306ace924e07433b277942cabeb87f4f550d9da80
                                                                                                                                                                                                                  • Instruction ID: 14759a9a1ebde2b37960e5fe7cc1d3622a8939e8a4b9b4604a7f2e599d60e37d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf8b651f3a944a260b85e0f306ace924e07433b277942cabeb87f4f550d9da80
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02510872F042128BFB38CBB499516BC2766AF65359F504239DF1E52BF9DF38A442C600
                                                                                                                                                                                                                  Function 00007FF73E4CA320 Relevance: 6.1, APIs: 4, Instructions: 146stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: lstrlen$_invalid_parameter_noinfo_noreturnlstrcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2158166325-0
                                                                                                                                                                                                                  • Opcode ID: 47c73e5cec6686fa579e68c152c9bf9b2e54101d9c0695146d8d826ccfa26b9e
                                                                                                                                                                                                                  • Instruction ID: 616ace6b343cee8ae61a128060fc71e01a7fc41b1ed905fa6431fa32884243c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47c73e5cec6686fa579e68c152c9bf9b2e54101d9c0695146d8d826ccfa26b9e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C419822A19B4361DA60AB12A41427AE390FF4DBA4F960331FE9E477D5DF3CD485A720
                                                                                                                                                                                                                  Function 00007FF73E4C2890 Relevance: 6.1, APIs: 4, Instructions: 136COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_exception_destroy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2138705365-0
                                                                                                                                                                                                                  • Opcode ID: 9ecbde0b9513f852f2f2cc9cb680f53d703292c5a2fc2dd45fb76413bf8d7ed5
                                                                                                                                                                                                                  • Instruction ID: 8838ab4f61a4d5417959750cb3bb13e36dfe104c07775823520e5e73b648b56f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ecbde0b9513f852f2f2cc9cb680f53d703292c5a2fc2dd45fb76413bf8d7ed5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5951D862E18BC6A2EA109B24E4513AEA360FF99794F809331FA9C03B95DF7CD1D5D710
                                                                                                                                                                                                                  Function 00007FF73E5351B0 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                                                  • Opcode ID: 6d3918e548cecd4e469b76ec98a0889ab2f173c52e63bbde1e1a752e7c3f2453
                                                                                                                                                                                                                  • Instruction ID: 4da531e874ef178b442fd92752ae49581596ea3d599e79c168badaade9f04e21
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d3918e548cecd4e469b76ec98a0889ab2f173c52e63bbde1e1a752e7c3f2453
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B416872908B8599EB67AF65D8303BC7BE0AB46F44FC99071DA8C07345DE3E9449D321
                                                                                                                                                                                                                  Function 00007FF73E4C2EBE Relevance: 6.1, APIs: 4, Instructions: 81COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2967684691-0
                                                                                                                                                                                                                  • Opcode ID: 7e370e624c4deda20d7eee0f0b941fe3eebf987117fc13e12627f79512425093
                                                                                                                                                                                                                  • Instruction ID: a15b1cde5358e9d99b00323b6c7e94f2b5d870d0927105b22765a404ac376c06
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e370e624c4deda20d7eee0f0b941fe3eebf987117fc13e12627f79512425093
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB313E32B09B42AAFB11EFB0D4902EC6374AF54708B444435EE4D27A59DE38955AA364
                                                                                                                                                                                                                  Function 00007FF73E500598 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                  • Opcode ID: 62bc1db5a1c920a7242aa8bd7e964e97518e9807bed1e2896ad9ef87d9005f58
                                                                                                                                                                                                                  • Instruction ID: 6043232424aef293e6bd1a4eea3ee1dac683b677ea89321f070d0058de715269
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62bc1db5a1c920a7242aa8bd7e964e97518e9807bed1e2896ad9ef87d9005f58
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE111862B14F019AEB009B60EC642A873B4FB59758F840E31EA6D867A4DF78E1689350
                                                                                                                                                                                                                  Function 00007FFE004E60D0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 272COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: htonl
                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                  • API String ID: 2009864989-3772416878
                                                                                                                                                                                                                  • Opcode ID: 93936901dd9033d4a48a3bab34143173019ecfb8dd1df9f8ad60d03bdf417f91
                                                                                                                                                                                                                  • Instruction ID: a2ee4a804df398a2b54f07e88d5d027870e4232f750ea53013a9a29c293f4032
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93936901dd9033d4a48a3bab34143173019ecfb8dd1df9f8ad60d03bdf417f91
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95A10262E0C2C345FA728A2591143BAA792AF71BD4F4A4135DF8D077EEDE2CE845874C
                                                                                                                                                                                                                  Function 00007FF73E52AE68 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                  • API String ID: 1467352782-3733052814
                                                                                                                                                                                                                  • Opcode ID: 5add1bb3069454046740aa751aae3dce8d01eb77020997f4e1daab549442f85c
                                                                                                                                                                                                                  • Instruction ID: 1408aec936618db4bd1cea095c843cc62e56ed81fb2906aa9e0c9f998f22b882
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5add1bb3069454046740aa751aae3dce8d01eb77020997f4e1daab549442f85c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D171F53250868696DB71AF25D8A037DFBA0EB00F88F488135EE5C87A86CF3CD499D710
                                                                                                                                                                                                                  Function 00007FF73E528C14 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 159COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Unwind__except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 2208346422-1018135373
                                                                                                                                                                                                                  • Opcode ID: 05e2cd8b116f695b15eab8c1cda4b7fd209c36ea20d7b0021cf4a52c2a7aa9dc
                                                                                                                                                                                                                  • Instruction ID: 2f1f5743c34ccb38b418742e2bd1c8d764f14ed44acc19163c6d8f522ce9969c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05e2cd8b116f695b15eab8c1cda4b7fd209c36ea20d7b0021cf4a52c2a7aa9dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7512A32B0960AABDB14EB55E8247BCB391FB54B88F904131DA4E87784DF3DE849D710
                                                                                                                                                                                                                  Function 00007FF73E4D9FC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID: PopupMessages$content
                                                                                                                                                                                                                  • API String ID: 3668304517-1906465244
                                                                                                                                                                                                                  • Opcode ID: d3383df39cbf0ff3fb0ada3c100854f30a934ac30ae810a7c1cd1ad72b9473c7
                                                                                                                                                                                                                  • Instruction ID: f4fdc10ea6a419bb91f9725834f9c49aa492cc6a84e10b6577d503f5490eeea2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3383df39cbf0ff3fb0ada3c100854f30a934ac30ae810a7c1cd1ad72b9473c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF51D423E08647A1EE51AF18D4502BAE360EF89B94FD55631FA4D026D6DF3CE888F310
                                                                                                                                                                                                                  Function 00007FF73E547414 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                  • Opcode ID: 648595326d31515e549fd0595eac39255c3c2bbad8eba86a1e46bedf09e7bfc6
                                                                                                                                                                                                                  • Instruction ID: 4940b4a25d497d44e6fcb0eedd72d3c17af8c1cb781bc9709e7d46623dc7eb0f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 648595326d31515e549fd0595eac39255c3c2bbad8eba86a1e46bedf09e7bfc6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44412B12A0876262FB20AB25AC61379DA60EF817A4FA04235EF5C06AD5DF3CD445DB10
                                                                                                                                                                                                                  Function 00007FFE0053178C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                  • Opcode ID: 290a041713c2e90dc2902098f5b84eaa7e0054df6a3a9305384b96ed8c723d1f
                                                                                                                                                                                                                  • Instruction ID: f0a0840bfa61a7a941b8675f13a6652ce8d513e0b484f6f1531992f389b20c6e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 290a041713c2e90dc2902098f5b84eaa7e0054df6a3a9305384b96ed8c723d1f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1410512A08B824AFB349B76A41137AA660EF90BA4F144235EF5D07BFDDE3CD441C708
                                                                                                                                                                                                                  Function 00007FF73E52B500 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 2558813199-1018135373
                                                                                                                                                                                                                  • Opcode ID: a2ec32bdc517ef511e581875e5e3be0bcdb4be4d766a222492756203934fbc4c
                                                                                                                                                                                                                  • Instruction ID: 9e20fb2888ba72fd084963540a2ec243b6bd7025c962b702f3be94c190215e40
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2ec32bdc517ef511e581875e5e3be0bcdb4be4d766a222492756203934fbc4c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0651903262874597E660FB16E8502AEB7A4FBC8BA0F840135EB8D87B55CF3CE054DB10
                                                                                                                                                                                                                  Function 00007FF73E53AE8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                  • String ID: C:\Program Files\Notepad++\updater\gup.exe
                                                                                                                                                                                                                  • API String ID: 3580290477-334128449
                                                                                                                                                                                                                  • Opcode ID: 35513e1f1505c9d20c7f4d4e3bf1a947d5115405412f1223697abd2175ff98bf
                                                                                                                                                                                                                  • Instruction ID: ee2aff859a1e71e8db7367546026961ac5bf91421b43bd09edc710bebfa500f2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35513e1f1505c9d20c7f4d4e3bf1a947d5115405412f1223697abd2175ff98bf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9241A276A08B52A5EB15FF219C601BDA394EF44794BD44035EA0E43B86CF3EE499A320
                                                                                                                                                                                                                  Function 00007FF73E545C08 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                                  • Opcode ID: 41fa9e24fb9f3569cf8c0d15c274b4cb0e47c79fe7f57a623d0989b962b62e57
                                                                                                                                                                                                                  • Instruction ID: 2a28adbff571b75ef5b51b3590f04c2738581cb0fd43dfacb53d4c81c3d2b525
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41fa9e24fb9f3569cf8c0d15c274b4cb0e47c79fe7f57a623d0989b962b62e57
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54411532B18A9196DB20EF25E8547A9B7A0FB88780FD04031EE4E87798EF3CD505DB10
                                                                                                                                                                                                                  Function 00007FF73E4C3180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                  • String ID: ios_base::failbit set
                                                                                                                                                                                                                  • API String ID: 1109970293-3924258884
                                                                                                                                                                                                                  • Opcode ID: fb785e1518e18886b105008bd2a153b69694606f5ed38c30180ac4d48362ed3f
                                                                                                                                                                                                                  • Instruction ID: 28f2835ad4083b56f43378356721d044a8f68821ee519244a9bf10d6448033ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb785e1518e18886b105008bd2a153b69694606f5ed38c30180ac4d48362ed3f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E231CA62D19B85A1EA009B25E8411B9A320FF5D764F945331FAEC027D5EF3CE1D4C710
                                                                                                                                                                                                                  Function 00007FFE004F97A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 76COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: recvfrom
                                                                                                                                                                                                                  • String ID: Internal error: Unexpected packet$Received too short packet
                                                                                                                                                                                                                  • API String ID: 846543921-1028201440
                                                                                                                                                                                                                  • Opcode ID: 615e414ab037844cb9f846bddb264dfb2e76884ff1ea2a2c0e05c7ebed4015a3
                                                                                                                                                                                                                  • Instruction ID: 22ffb0a6f2813d10c0fee200963a6635423a8e595fee0f11c4126eee446a2852
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 615e414ab037844cb9f846bddb264dfb2e76884ff1ea2a2c0e05c7ebed4015a3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E931C172B18A818BEB689B25E4507FA73A0FB84785F004032DB4D47769DF3CE420CB40
                                                                                                                                                                                                                  Function 00007FF73E51F014 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 38a83c326fdcb71aae14bc71ad6d85533c0df093b3751207d8f682e016f9c8a4
                                                                                                                                                                                                                  • Instruction ID: bbaa75bfcf30b31bff755424d193aac91e1c79c275d4b782fb08695501b32c2c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38a83c326fdcb71aae14bc71ad6d85533c0df093b3751207d8f682e016f9c8a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7221F713A0C7C496EB219711E8503EEE791EB99744F988035EA8C17789DF7CD448C721
                                                                                                                                                                                                                  Function 00007FF73E51FDA4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 8dad67cc0966beb6999af2cdddff37d902c4fc917451293838e2217b80fb4324
                                                                                                                                                                                                                  • Instruction ID: 494478051e795540ff820e49f424b60585d8d06c8b7e83f415e5bf8b272555f8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dad67cc0966beb6999af2cdddff37d902c4fc917451293838e2217b80fb4324
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9921F71260C7C496EB619701E8103EEE7A1EB99784F988135EACC1778ADF3CD449C721
                                                                                                                                                                                                                  Function 00007FF73E51FC98 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 920ac3c3f7fd30b3b2b7d9587f33896b8fec732f8faaa36b0d9ed4cd97719e73
                                                                                                                                                                                                                  • Instruction ID: dc1d7ce4cab79b640cd43e438a7978ccc836ee53f919c6f838fccce9d9e5b5c5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 920ac3c3f7fd30b3b2b7d9587f33896b8fec732f8faaa36b0d9ed4cd97719e73
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6521F512A0C7C496EB219701E8103EEE791EB9A784F988035EB8C17B8ADF3CD549C761
                                                                                                                                                                                                                  Function 00007FF73E506988 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 3ed2dfeb2d884d07a81be3f52640bf7e38a7e9b09a4220a20f72176654cd1261
                                                                                                                                                                                                                  • Instruction ID: 302a87be8b1a9bbca5bd9ed3237fdb0aba8fbc4824f7134f784e4e9b8f147296
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ed2dfeb2d884d07a81be3f52640bf7e38a7e9b09a4220a20f72176654cd1261
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C131D1126087C595E721AB15E8603EAEB50EB9A784F888031EB8C17F85DF6CD90DC712
                                                                                                                                                                                                                  Function 00007FF73E506AA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: cda6198e5be8d4876ce765a24796bb1e65b1b8cdc1410721f31f7b80cb2918e3
                                                                                                                                                                                                                  • Instruction ID: 8960c4394f9892d7e53fb7abaecc2a606e0598795f5732b5ae67368c7856ce26
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cda6198e5be8d4876ce765a24796bb1e65b1b8cdc1410721f31f7b80cb2918e3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D331E11260D7C595E725AB15E8603EBFBA0EB9A784F888035EB8C07B85DF6CD50CC751
                                                                                                                                                                                                                  Function 00007FF73E51F120 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 35c4cdf628c0c8e4a732c75821fff6658435b124b49cb7438b4f48b46fefe550
                                                                                                                                                                                                                  • Instruction ID: 8d9d9a3dc04e50c64208e2536d963e045232258931f3070bdcd5ab5edf0d6ab9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35c4cdf628c0c8e4a732c75821fff6658435b124b49cb7438b4f48b46fefe550
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A21F513A0C7C496FB219701E8103EEE7A1EB99784F948035EA8C17B9ADF7CD448C721
                                                                                                                                                                                                                  Function 00007FF73E51E924 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: e427d01ce72f855c855154787f61b0884f9a4cd30b31689a0b9b3b578d104325
                                                                                                                                                                                                                  • Instruction ID: 4a50905bf348a3223e96a857783242034ff1d2127add41b9b2611bfa7311f424
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e427d01ce72f855c855154787f61b0884f9a4cd30b31689a0b9b3b578d104325
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B21D212A0D7C495EB619A15E8503EEE7A1EB99784F988031EACC07B89DF7CD44AC721
                                                                                                                                                                                                                  Function 00007FF73E51F5A8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 8f37e9f5e141fe105484db9a994e08db27d69e28ca2895e802e6cd5b16790c03
                                                                                                                                                                                                                  • Instruction ID: 1adcf5dc20d26b42ca714ea81412d17692e43576aed3da84405f79ad1c2a9f02
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f37e9f5e141fe105484db9a994e08db27d69e28ca2895e802e6cd5b16790c03
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE21FB5360D7C495EB219715E8103EEF3A1EB99784F948031DA8C57B99DF3CD449C720
                                                                                                                                                                                                                  Function 00007FF73E50617C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: ddd6d03bd937c8d059363435905484fdad7c6a49ceacf6b295fb6689a5c53aee
                                                                                                                                                                                                                  • Instruction ID: 38ef43fd9b8f34a3d9602c9b99b0199dbf66ce7bca1d149384ddf48de5ca23c5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddd6d03bd937c8d059363435905484fdad7c6a49ceacf6b295fb6689a5c53aee
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3221D71260D7C595E7219715E8503EAF791E799744F988031EA8C03F8ADF7CD40AD751
                                                                                                                                                                                                                  Function 00007FF73E506288 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: swprintf
                                                                                                                                                                                                                  • String ID: %$+
                                                                                                                                                                                                                  • API String ID: 233258989-2626897407
                                                                                                                                                                                                                  • Opcode ID: 2a382e24b85c3a7132043a17261e1edacc00db9ed11092c5478bd563281f8a2c
                                                                                                                                                                                                                  • Instruction ID: 80e959958bd127405e068d93e805298e8159eff48e50aeea2a24c4016eb146f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a382e24b85c3a7132043a17261e1edacc00db9ed11092c5478bd563281f8a2c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4621F52260D7C599E7219B54E8603EAF761E799784F588031EACC07F89DF7CD40AC761
                                                                                                                                                                                                                  Function 00007FFE0052A34C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                                                  • Opcode ID: 8c8cbd62e5544ae84fe60f064e0a9dcc48565719910f733d49b673e016daf1a8
                                                                                                                                                                                                                  • Instruction ID: 3a54549b42455ba2c2bad6937dcb12c3244de688bd4aabba15b47bca629d4d4e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c8cbd62e5544ae84fe60f064e0a9dcc48565719910f733d49b673e016daf1a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4821D032A0864582EB30DB15D44826E63B2FFA9B44F854035DB8D433A8DFBCE945C791
                                                                                                                                                                                                                  Function 00007FFE004DE1D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177866534.00007FFE004B1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE004B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177823092.00007FFE004B0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178244641.00007FFE00537000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178319717.00007FFE0055B000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178356349.00007FFE0055C000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178403803.00007FFE0055D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2178452586.00007FFE00560000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ffe004b0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: SimpleString::operator=
                                                                                                                                                                                                                  • String ID: TS$\S
                                                                                                                                                                                                                  • API String ID: 356670603-802368436
                                                                                                                                                                                                                  • Opcode ID: 9faf77994f135d173a85488192d58463626e5e61677e2ee31941679ac5c6f5f1
                                                                                                                                                                                                                  • Instruction ID: b620e7f86c94eda1f1125e2ee5946fc111cc6abfdf35a9b33c0618f96af1431d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9faf77994f135d173a85488192d58463626e5e61677e2ee31941679ac5c6f5f1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E311B6A6B1C64681FEA4E712D6106B953A5FF447C8F488132DBCD0A7BDDEACE901CB04
                                                                                                                                                                                                                  Function 00007FF73E4C2CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                  • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                  • Opcode ID: 103d243ad53007cd516a98af0ce5832516022c593b868f85f69cfbf6d03e1170
                                                                                                                                                                                                                  • Instruction ID: 6cacbadc0d7682999b9a196aa3bbf238f2d3e79157c1ba6ec84e03b3de370d6b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 103d243ad53007cd516a98af0ce5832516022c593b868f85f69cfbf6d03e1170
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B01D623105BC199C385EF74A88015CB7B5FB58F887585539DB8C8371AEF38C894C351
                                                                                                                                                                                                                  Function 00007FF73E528E7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73E50097E), ref: 00007FF73E528ECC
                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73E50097E), ref: 00007FF73E528F0D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                  • Opcode ID: 1524073cb45e8d3f17b7f521ff0ccea7feb17ba33e56b9f36c1916218e1997a5
                                                                                                                                                                                                                  • Instruction ID: ece5424b4bd018d8d47cb0f589c2697dde0dfadd2ae84746e901427a8d28aca7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1524073cb45e8d3f17b7f521ff0ccea7feb17ba33e56b9f36c1916218e1997a5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F116D32608B4592EB609F15F8102A9F7E0FB88B94F984230EE8D47765EF3CC555CB00
                                                                                                                                                                                                                  Function 00007FF73E4CABC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41stringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2177493150.00007FF73E4C1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF73E4C0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177445442.00007FF73E4C0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177595829.00007FF73E557000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177653141.00007FF73E579000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177690106.00007FF73E57A000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177723221.00007FF73E57C000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 0000000A.00000002.2177788797.00007FF73E57E000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff73e4c0000_GUP.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileOperationlstrcpy
                                                                                                                                                                                                                  • String ID: T
                                                                                                                                                                                                                  • API String ID: 3578832945-3187964512
                                                                                                                                                                                                                  • Opcode ID: 352247c9475dd8fe5050af7a2fe108e34ab42e0ac43d13326bb0184ab825f001
                                                                                                                                                                                                                  • Instruction ID: 40860ec22c9b10fc5d67f554d47ac4481eb2afad1bfe5bd779043f3b88cc89d6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 352247c9475dd8fe5050af7a2fe108e34ab42e0ac43d13326bb0184ab825f001
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D017032A08B8192DB149B25F49432AB3A0FB8CBA4F540335FBAE47B94DF3CD0558B00